SSL: It’s Not Just an Option Anymore… You Will be Embarrassed without One!

Have you noticed something different with websites—maybe your own—lately? Something in the address bar at the top of your web browser?

Look at any site’s domain name. There’s a little “i” inside a circle that precedes the domain.

It will either be followed by a green padlock and perhaps the word “Secure,” also in green. If those aren’t present, clicking on the circle will bring up a message that reads “Your connection to this site is not secure.” Worse, it warns you that you should not enter any sensitive information on that site (e.g. passwords, credit card information, etc.) because it could be stolen by attackers.

Wow! WTF?  That site was safe yesterday, wasn’t it? What exactly is going on here?

Well, Google has been at it again. In their continuing quest to make the Internet clear, relevant and safe for everyone, Google is now pushing yet another change our way. Not that I disagree with this one, but it’s one more chance to embrace something new. Again.

Here’s the Scoop

For a few years now, websites that process payments have been encouraged to carry an SSL (secure socket layer) certificate. You recognized this by the “s” that gets added to the “http” that precedes a domain name. The “s” means “secure.” (You can see the green icon and https on this website in the top address bar…)
But now, Google encourages all sites that collect user information, whether passwords, sensitive information or just your name and email address, to be “secure.” The SSL certificate is the official seal of safety that indicates whether your connection is secure. The security is accomplished through an encryption process that is not applied to standard http connections.

But wait, there’s more! Google now gives preference in search results to sites that carry the SSL certificate. So, your site gets a little bump in the search results.

And even more… Eventually all sites without the SSL certificate are going to get an obvious, nasty red “Not secure” notice that will stand out like a sore thumb on your website. We don’t know exactly when Google will unleash this nastiness, but it’s coming—and probably in 2017.

How to Get an SSL Certificate

Getting an SSL certificate is a good idea if you don’t want people to get scared away from your site—especially when Google exerts its next level of control over peoples’ browsing experience.

How to get one will vary depending on several factors.  First, cost: You can get a free SSL certificate through Let’s Encrypt, a foundation sponsored by Google, Facebook, Mozilla, Cisco and a host of other companies. Or, you can pay for your SSL certificate through various Internet product providers.

There are different levels of SSL certificates. You can choose based on your level of need for encryption and/or the ease which you want to experience in applying your SSL certificate.

On the last point, I have tried two ways. One took me 15 minutes, while the other took me more than four hours and subjected me to excruciating frustration.

I host with Godaddy, and found it takes 15-20 minutes to purchase and install an SSL certificate for clients who use Godaddy’s Managed WordPress Host Accounts and also have their domain registered there. No sweat.

But recently I undertook the same task with a client who had an older, non-WordPress site where the domain was registered one place and the hosting was elsewhere. It turned out to be the most excruciating, frustrating time-consuming process (nearly 4.5 hours!). I had to learn unfamiliar provider interfaces (always a time-burner). But worse, the security process that geeks have invented and set up is so cumbersome with so many steps that it makes the process virtually unworkable.

SSL Certificates: Site Owners’ Choices

The lesson here—and your options—are as follows:

  1. Be prepared to devote the better part of a day to this (or more, if you don’t have much technical understanding). Or,
  2. Be prepared to pay someone to spend that kind of time. Or,
  3. Make life easy in advance by consolidating all your internet accounts at Godaddy.