Wednesday, May 23, 2018

Do You Need An SSL?

Maybe.

I received an email today that looked like this from my web hosting company:


You may have received one also. If not, you probably will. Google is changing things a bit in July and sites that do not utilize a secure, encrypted connection will contain a "Not Secure" designation. You can tell a secure site from an unsecure site by the URL. If the URL contains "https//," it's a secured site and the information to it is encrypted. If the URL contains "http://," it isn't secured. Sites are already labeled as not secured. Today, the waterlinewriters.org website shows this on some browsers. Look in the upper left corner, next to the URL. It says Not Secure. I think in July you're going to see that and the little triangle, in red or yellow, to highlight it.


You can click the little "i" next to the Not Secure phrase to get an explanation.


As you can see, it says that you should not enter any sensitive information on this site, like passwords or credit card information.

Should you care about all this?

If your site is display-only, probably not. Will people be put off when they see "Not Secure" on your site? I bet most won't even notice. It's likely they don't notice now. People will probably learn not to enter data on sites that aren't secure, but will probably not stop going to sites that show that warning. If your site does take credit card information, requires a sign on to interact, or takes email addresses, then you may have a problem. If you sell things off your site, but all your payment transactions are handled by Paypal (for example - there are other options that are also secure), you may have to explain it a little better on your site, but you should be OK. If you have a newsletter signup, you may want to switch and use the Mailchimp or Constant Contact signup page (which is secured) rather than your own. So, you might have to make some minor tweaks.

What are your options?

  1. Do nothing. If your site is a blog or a site talking about your books but you never ask for any input then you can simply leave it be. Evaluate after the July 1st change and see if it impacts your traffic.
  2. Pay your hosting company for the SSL certificate. My hosting company offers an SSL certificate for one website for $60 the first year, $75 after that. That's above the hosting fee you are already paying. 
  3. Switch. As you can see, I switched back to Google's blogspot, where I started blogging 12 years ago. Most of you that know me know I'm cheap - and blogspot is free and already offers the SSL coverage. Other options: if you are a Wordpress fan, consider moving to wordpress.com (that is Wordpress's hosting platform - you are probably using Wordpress on another company like GoDaddy or Bluehost). Since they are both Wordpress, the transition should be fairly smooth. Or, you could consider Squarespace or Wix, but that might require a re-do of your site. All three of these options offer SSL coverage as part of the standard offering. Previously, these options could be more expensive than hosting packages like GoDaddy or Bluehost, but after you add in the cost of the SSL coverage, it's about equal. Wordpress.com, Wix, and Squarespace offer ease of use options over hosting Wordpress on traditional hosting platforms. 

There's no reason to panic and do something immediately, despite what the ads imply (remember, they have something to sell you). You might have to make a change if you see your Google ranking take a dive (Google says it will give "more points" to secured sites) or if you hear from your fans that they are now leery of going to your site. But, I'd wait until after the July 1 transition and see what happens.

No comments: