Updated January 2019:
We covered the topic of what to do in a recent Facebook Live and we walk you through each of the steps.
Watch it here:
I love writing blog posts about fun things. Like how to use great photos on your site or what makes a homepage stand out. What I don’t love writing about is the technical side of things. Like website security and SSL certificates. You know…the less sexy stuff.
But I feel like it’s my duty to let you all know when things are about to change in the internet world, especially when it affects your website.
Which leads me to this week’s blog post.
You may have noticed that sometimes when you visit a website while using Chrome as your browser, you’ll see a warning that “this site is not secure” in the browser bar, like this:
And if you’re like most people, you’ll think that you’re visiting a website that has been hacked or that can cause a virus if you visit it and you’ll quickly log off. Actually, it doesn’t have to do with hacking but rather it’s all about securing and encrypting information that goes from your website to someone else’s computer.
The “Not Secure” warning is Google’s way of saying that the website doesn’t have what we call an SSL Certificate, which used to only be required on websites that collected payment information from a customer.
Sites that have an SSL certificate installed start with “https://” and have a green padlock (or a padlock with the word “Secure” next to them).
An online storefront is the most common example and up until now, unless you sold items on your website you didn’t have to worry about having an SSL Certificate.
BUT….as of October 1, 2017, if someone visits your site using Chrome, Google is now going to start showing this Not Secure warning on any website that collects information, such as:
1. Having a contact form that collects personal data, like a person’s name or email address, on your site (raise your hand if you have one!)
2. Having any kind of opt-in on your site, like for a newsletter (raise your hand again if you have one!)
3. Having a login of any sort that requires a password (okay, fewer hands will be raised on this one but there are still a lot of you!)
4. Having a storefront.
You may have even received an email from Google already, like this one that I received for a website that I manage:
At this point, you’re probably saying, “Ugh!!!! What do I need to do if I get this email or if my site starts showing that it’s not secure?
Well, my friend, you have to install what we call an SSL Certificate on your website. It’s the only way to prevent having the dreaded “Not Secure” warning to show up on Chrome if you collect any type of information on your website, even a simple contact form.
Great, Donna. Where do I get one of these SSL Certificates and how in the world do I get it on my site?
The easiest way to get that pretty green padlock on your site is to use a free SSL certificate. There are many companies out there that offer them but the most common one is called “Let’s Encrypt“.
The good news is that many hosting providers are now offering Let’s Encrypt SSL certificates as part of your hosting package and they make it super easy to install it on your site.
My favorite hosting company, Siteground, is one of them.
I also know that Dreamhost, WP Engine and Flywheel are other hosting providers that offer free SSL certificates with their hosting plans.
My advice is to start by contacting your hosting company to see what they have available and ask for their assistance in getting it installed on your website.
Once the SSL cert is installed on your site, you may have some adjustments that need to be made. As I mentioned above, your URL will now be https:// instead of http://. That requires some changes to how people visit your site.
There’s a great, free plugin called Really Simple SSL that makes it easy for you to make these changes.
For most websites, using Let’s Encrypt’s free certificate and the Really Simple SSL plugin is all that you need.
But I’m not gonna lie. This whole SSL stuff can get a little tricky, which is why I encourage you to contact your hosting provider for some help if you need it.
There is a silver lining to having an SSL cert on your site: Google will rank it higher in search engine results! That reason alone is worth going through the process! (I had to end this post on a happy note!)
Next week I’m going to blog about something more fun. I promise! 🙂
2 thoughts on “What’s the Dirt on the (SSL) Cert?”
This is helpful and reassuring. Not fun. But now website DIYers know the next logical step to take to get the padlock. Thanks Donna,
Glad that it was helpful!