It used to be the case that the only places you would see the green lock in your browser bar and https is on bank sites and large retailers, places where credit card information would be input. However the fact is that standard http is inherently insecure and the last few years have seen some huge security breaches on big sites.
Even on sites that don’t have an e-commerce function people are still handing over personal information and using passwords in all kinds of ways, newsletter signups, comment sections etc etc. And all of that information can be potentially stolen by people intent on data theft for profit.
The secure protocol https has been around for some time, so why is it that now it’s become such a big deal. As with any things people will not change unless they are forced to do so. Right now the main instigator in persuading sites to change is the almighty Google, who have declared they will start to penalise non-secure sites with security warnings in their Chrome browser as well as potential demotion in search engine results pages. Google makes no differentiation between any types of sites and their functions, whether they have financial transactions or not, the simple rule is that SSL for every site makes the whole internet a lot safer.
https://security.googleblog.com/2017/04/next-steps-toward-more-connection.html
For many years security companies (Certificate authorities) have been charging money to install SSL certs on sites. The problem is it’s been a technical process best left to techies so adoption hasn’t been huge. And there hasn’t been a huge incentive even when the paid versions have started to get very cheap - the cheapest basic (DV) certs can now be purchased for less that $10 per year.
But recently as part of the push to make https the standard companies like LetsEncrypt and Cloudflare started offering SSL for free. Certificate authority Comodo and web hosting platform giant cPanel have also joined forces to offer free SSL to sites running on their platforms - by their own calculations they are now securing 240,000 sites per day.
If your site has mixed http and https references it will not be marked as secure with the green lock icon in the address bar. Mixed or insecure content can be from any local or external resources that your site loads over http including javascript resources, fonts, images comment plugins and social media sharing features. For this reason it’s worth doing an audit on your site to ensure all resources are served securely.
So the first port of call would be to have a chat with your web designer as they should know how to hook you up with SSL. If you have a DIY self-built site then you need to contact your hosting company and they should be able to help.
Here’s some other useful links:
https://blog.cloudflare.com/introducing-universal-ssl/
https://blog.cpanel.com/autossl/
As mentioned above the next major update for the Google Chrome browser is due in October, don’t get left behind, don’t be a “guilty remnant”. Get locked.
Photo by James Sutton on Unsplash
