Google’s Next Move Against Non-SSL Websites

Sep, 26, 2017 | Business Websites, Community, Online Security | 19 responses
Google's Next Move Against Non-SSL Websites

If you wish to seek assistance or need some questions answered, feel free to call our sales team on 1300 694 678.

From July 1st, Google Chrome 68 will be released which aims to further take the fight to websites that are still running without an SSL certificate, and are therefore insecure. Any sites that do not have SSL Certificates will be prominently marked in the address bar:

ChromeUpdate

The purpose of installing an SSL certificate is to encrypt the data travelling between your website and your visitors, ensuring that malicious third-parties can’t get their hands on the sensitive data your customers may be typing into your website, such as passwords or credit card details.

What are the changes?

Currently, Google Chrome (which around half of all internet users use to browse online) warns users by placing a “Not secure” label in the address bar if they are visiting an insecure web page that contains a credit card or password input field.

These warnings are set to extend to a further two scenarios:

  • When a user fills in ANY input field type on an insecure web page (such as a contact form)
  • ALL insecure web pages when browsing via incognito mode

Google Chrome eventually plans to extend this warning to users to show for ALL insecure web pages, whether or not they have any particular types of input fields on them and regardless of whether they are being viewed in regular or incognito browsing modes. (You can read their full announcement on the changes here!)

So, if you’re still running your website without an SSL certificate, now is definitely the time to make the switch over from http to https!

Secure your website now

 

How do I know if I already have an SSL certificate installed/enabled?

First, try to visit your website without using any http or https prefix (to see whether your site automatically loads in http or https), for example, type: “yourdomain.com.au” into your browser’s address bar. If the site loads okay and you can see the padlock in your browser’s address bar, this means your site has an SSL certificate both installed and enabled, and nothing further needs to be done!

If your site loads but isn’t showing the padlock, try instead typing your website address into your address bar including the https prefix, such as: “https://yourdomain.com.au”. If the site loads okay, that means you have an SSL certificate installed, but it is either not enabled, or you have mixed content which is preventing the page from being fully secure.

If the site doesn’t load at all this way, that means you do not have an SSL certificate installed/installed correctly.

We highly encourage all e-commerce sites to purchase an SSL certificate for maximum protection and enhanced customer trust.

What is mixed content?

Mixed content means you have an SSL certificate installed and enabled, but something on your web page is being loaded insecurely via an http link. This could be anything from an image within your code which is being called to using its old http link, rather than its new https link. It could also be a plugin you are using to insert some other feature on your page.

Why No Padlock? is a handy tool to help you determine if you have any mixed content, and what that mixed content specifically is. Once you’ve found the culprit(s), if any, updating the link(s) to use https should solve the issue.

We’d recommend consulting your web developer if you are unsure how to tackle any of the above, as they will be able to assist you in determining and resolving any mixed content errors.

How do I get an SSL certificate?

First off, you’ll need to decide what SSL certificate best suits your needs. Click here for a handy wizard to determine which SSL certificate is right for your website.

Alternatively, you can give our sales team a call anytime on 1300 694 678 (press option 3) to have us assist you in choosing the right option, or answering any other questions you may have!

How do I install an SSL certificate on my hosting account?

If you purchase an SSL certificate through Digital Pacific, you will receive an email containing installation instructions after you complete checkout. You can also use the following handy guides from our knowledgebase which will step you through the process.

How do I enable my SSL certificate on my website?

Once you’ve determined that an SSL certificate is installed on your hosting account and ready to use, you will then need to make the appropriate changes to your website to ensure it is using the new https URL. The steps for doing this will differ depending on the sort of website you have. You may need to consult with your web developer on the appropriate steps for your website (while we’re always here to assist with your hosting services, we are unfortunately unable to provide specific web development/design advice such as this). If you’re happy to give it a go yourself, there are many useful guides online that can help (we’ve posted some below) – though we strongly recommend taking a full backup of your website prior to making any changes, just in case anything goes wrong!

WordPress: http://digitalpacific.support/kb/875/
Drupal: https://www.drupal.org/https-information
Joomla: https://docs.joomla.org/Switching_between_HTTP_and_HTTPS

Will my website’s search engine ranking be affected by installing an SSL certificate?

Yes, switching from http to https can have an effect on your Google ranking if not managed correctly, as your website address will essentially be changing from starting with http://, to starting with https://, thus giving your website a brand new address as far as Google is concerned. If your website is ranking for a particular keyword or keywords that you wish to protect, we’d recommend first researching the necessary precautions (to ensure that you don’t harm your Google rank during the switch), or reaching out to a reputable web developer/SEO consultant for assistance.

If you wish to seek further assistance or need some questions answered, feel free to call our sales team on 1300 694 678.

Google's Next Move Against Non-SSL Websites

Comments

Comment Posted By: Winston Longbottom

Would I need an SSL certificate with this website; it does not contain any email or credit facilities.
No one can add content to this website in any way!

Regards

Winston Longbottom

Comment Posted By: Digital Pacific

Hey Winston,

As per the article, what would require you to urgently get an SSL certificate is if your website falls under these two scenarios:

– When a user fills in ANY input field type on an insecure web page (such as a contact form)
– ALL insecure web pages when browsing via incognito mode

If you need any further clarification, feel free to contact our sales team or tech support team here: https://www.digitalpacific.com.au/esupport/index.php?/Tickets/Submit/

Comment Posted By: kevin

Do you support “lets encrypt” the FREE SSL certificates or should I move to another web hosting provider?

Comment Posted By: Digital Pacific

Hey Kevin,

We certainly do support Let’s Encrypt! Although, there are some negatives to LE–compared to traditional SSL certificates, LE renews every 90 days rather than DP’s period of up to 3 years, and leaves a short period of time with no validation between expiry and renewal. For eCommerce sites, we discourage LE and regard a traditional SSL certificate as essential.

Comment Posted By: Wolve

Go Google, I mean Microsoft, I mean Apple…. Another company that determines whats good and bad for the world. You used to be cool google, what happened to you?

Comment Posted By: Carl

Thanks for the heads up Digital.P

Comment Posted By: Maureen Lawrence

Can you please check if we currently have this certificate and if not what are the next steps and cost.

Thanks

Maureen Lawrence

Comment Posted By: Digital Pacific

Hey Maureen,

Your hosting plan comes with Let’s Encrypt, a bare-minimum free SSL service. If you prefer to have total security, you should consider a traditional SSL certificate. Check out DP’s options here: https://www.digitalpacific.com.au/domain-names/ssl-certificates/

Comment Posted By: John Samperi

I really don’t care if anybody steals stuff from my website, the contents is freely downloadable. Do I still need to worry about the certificate and it’s cost?

Comment Posted By: Digital Pacific

Hey John,

It’s not so much that people will steal content from your website, but it may be a matter of someone getting access and highjacking the site and using it for their own malicious purposes, or possibly even using your site to get access to other private data or personal information. Your hosting plan comes with Let’s Encrypt, a bare-minimum free SSL service, but if you prefer to have total security, you should consider a traditional SSL certificate. Check out DP’s options here: https://www.digitalpacific.com.au/domain-names/ssl-certificates/

Comment Posted By: Ron Graham

Digital Pacific made it easy to purchase a SSL certificate. Then, because the automatic installation encountered a problem at the last step, I also purchased the installation service just so the experts could ensure the installation was in order. Of course even then it didn’t just work, since it was up to me to set in order the things that were wanting in my website of around 2000 self coded pages and scripts. I ran a global search and replace, to change “http://www.simplybible” into “https://www.simplybible”. This fixed up all the canonicals, the xml sitemap, and most of the htaccess file. The latter needed a redo of some domain redirects (which I fixed through cPanel), because the browsers thought hackers were afoot! Now, having at hand an unchanged backup of the site, I uploaded a selection of changed files and tested them carefully. They worked, so I uploaded the whole bang lot, and behold I was now seeing the little padlock and the “https://” in the browser address bar of any page. I downloaded the code for the badge supplied by GeoTrust and made it show on the site banner. Now I hope Google and its browser will be nice to my website.

Comment Posted By: Maureen Thompson

Thank you for the heads up regarding the SSL certificate.
I will be adding a sale element to my website in the near future when I go ebooks so this will be essential for me.
I use Weebly for my little site, but I have my hosting with you. Could you please let me know what I have to do or do you do it for me and then bill me later.
Kind Regards
Maureen Thompson

Comment Posted By: Digital Pacific

Hi Maureen,

Your DNS and domain are happily with us here at Digital Pacific, but unfortunately, your hosting is with Weebly, so we can’t help you with SSL-related enquiries. Although, we’ve noticed that your site states that its connection is insecure, so there are two options you can take from here:

1. If you wish to host with Digital Pacific and take full advantage of an SSL certificate, feel free to contact us anytime on 1300 694 678.
2. If you wish to remain hosting with Weebly, you can visit this link for a guide on how to enable SSL for your site: https://hc.weebly.com/hc/en-us/articles/115010923107-Enable-SSL-for-Your-Site

Hope this helps!

Comment Posted By: Greg Bell

But… aren’t you guys are using Let’s Encrypt behind-the-scenes to automatically create SSL certs for all hosting accounts? I was told that by the support team, and I’ve seen this work on several of my clients’ sites (but not all. Hmm…)

Comment Posted By: Digital Pacific

Hey Greg,

That is true, we are offering Let’s Encrypt. Yet it really depends on what sort of sites you’re hosting. For eCommerce sites, we discourage LE and regard a traditional SSL certificate as essential.

As for your concern about Let’s Encrypt not working on some of your clients’ sites, this handy article should do the trick: https://www.digitalpacific.com.au/esupport/index.php?/Knowledgebase/Article/View/877

Comment Posted By: Kirsten

Hi DP
Thanks for the info. I run two basic websites that have no e-commerce (they’re information sites) and a community choir website where we sell just concert tickets and our albums (income doesn’t even come close to covering costs). All three sites have basic contact forms. I, and the choir, can’t afford to pay for fancy SSL on websites that earn us no income, in addition to the domain name and hosting costs. What do I recommend to my choir?
Thanks, Kirsten

Comment Posted By: Digital Pacific

Hi Kirsten,

Your hosting plan does come with Let’s Encrypt, a bare-minimum free SSL service. This means that your website is protected at the minimum level. However, we do encourage getting a traditional SSL certificate to ensure maximum security, but at the end of the day, it’s up to you.

Comment Posted By: DedicatedHosting4u

Hi, Everyone.
I’am Jocob Michael from los angeles, California, US.
Well am running a website which is related to dedicated server hosting. But i don’t applied for SSL certificate since 10 year to my website.
Is any problem i would get in the future.

Help me out guyz.

Comment Posted By: Digital Pacific

Hi Jocob, hope it’s nice and sunny over there! To answer your question, without an SSL certificate, Google Chrome will deem your site as insecure and a potential hazard to the site’s visitors. Also, without an SSL, you’re risking the chance of malicious cyber attacks that could occur on your site, and potentially steal private information or financial credentials.

It would be the best option for you to get an SSL certificate installed on your website. If you wish to enquire about purchasing an SLL, feel free to call our sales team on 1300 694 678 or shoot them an email at sales@digitalpacific.com.au.

Leave Your Comment








Browse The Full Site On Your Desktop

EARN 1 QANTAS POINT* FOR EVERY DOLLAR SPENT!
X