Scarlet Letter Coming for non-SSL Sites

Google, Firefox, and other major players are pushing to force website owners to install SSL certificates on their sites. On February 8, 2018, Google announced that beginning in July 2018 Google’s Chrome browser will begin to identify sites lacking an SSL certificate as “Not Secure” to visitors.

Security for All

SSL is a security layer which encrypts traffic between user and host. SSL has always been vital for eCommerce, banking, or other exchanges of personal information. However, the average blog or small business website owner often may not have felt compelled to spend $50-100/year on SSL certificates through their hosting provider. Times have changed, and thanks to new options, such as service from non-profit LetsEncrypt, there are ways to get SSL certificates for free.

HTTPS > HTTP

Installing an SSL certificate will allow you to change your site’s URLs to route traffic over HTTPS rather than “HTTP”. The “S”, stands for “Secure”, and it is fairly simple to start changing your website’s existing link structure to support the secure protocol. At the server level, you can force incoming traffic to default to HTTPS, and require them to only interact with your website via the secured method, effectively blocking off the outdated “HTTP” road.

HTTPS Everywhere

Beyond protecting your personal your business website, I always recommend installing the HTTPS Everywhere plugin from the Electronic Frontier Foundation. The plugin protects you while you browse the web, by trying to force your connection to websites over HTTPS instead of HTTP whenever the website you visit supports that security layer. It is something you can set and forget, but it is always going to be there helping you to be a little bit more secure.