Several months ago, I wrote a blog post outlining good reasons to encrypt your entire site with an SSL certificate. The advice was for clients who aren’t transmitting sensitive personal data, processing eCommerce transactions, and so forth. If you are doing those things, SSL is and has always been mandatory.
Where encryption was once a “nice to have” item, we’re rapidly approaching the time when SSL will be essential for all websites.
That post said that encrypting a website is a low-cost, low-effort way of making a noticeable improvement in a website, both by increasing visitor confidence in your site and via the SEO boost search engines provide for rewarding best practices. Since then, the landscape has continued to evolve, and where encryption was once a “nice to have” item, I’d say we’re now rapidly approaching the time when SSL will be essential for all websites. Here’s why:
- Google has recently announced a deadline for July 2018, after which all sites that aren’t encrypted will have a “Not secure” flag at the left edge of the Chrome address bar (that box at the top of your browser where you type URLs or search terms to go to a website). This has existed in Firefox for some time, but since Chrome is the most popular browser by far, it means a radical increase in the number of people who may be alienated by your site if it isn’t encrypted.
- Chrome and other browsers are becoming more assertive about announcing unencrypted elements they believe should be secure. If your site contains a contact form, for instance, or an email signup form—two extremely common features found in almost any kind of website—you may already see popup boxes with disconcerting messages along the lines of “This form is not secure. Hackers may be trying to steal your personal information. . . ” when trying to submit the form. Needless to say, this can easily undermine confidence in your site and keep a visitor from reaching out, defeating much of the purpose of having a site at all. I’ve seen this on a couple of clients’ websites and fixed it by adding an SSL cert.
This article with the somewhat alarmist headline “You have five months to switch your website to HTTPS” is typical of what I’m seeing with increasing frequency, as is this one “Google Sets Deadline for HTTPS and Warns Publishers to Upgrade Soon.” If you’d like to research this issue yourself, those two articles are a good place to start, but more information is widely available.
If you’d like to hear more about this, just call or email, and I’m happy to answer your questions, as always.