Website security is one of those things that everyone knows they should care about,
but most people don’t fully understand it.
Security is just plain hard, and many people don’t have the time to focus on it until there is a real, tangible reason to make a change. In some cases the results of ignoring security are horrible and very, very public. Sometimes people are lucky and “only” have a scare that changes their focus. More and more though, people are becoming aware of viruses, identity theft, hackers, botnets, ransomware, etc whether they understand them or not. They get nervous when their browser pops up any kind of security alert. Security’s prevalence in the news, along with recent updates to various browsers, are why you need to think about adding an SSL Certificate to your site.
For the basics, a certificate encrypts traffic that is sent to and from your site. Historically you would see little “s” after the http in the site url, or a little padlock to the left of the site name. It is one of those things that has always been absolutely essential on payment and login pages, but is something that you very possibly never paid much attention to. And when you go to sites now and notice the green padlock you probably don’t give it a thought, or wonder why you would see it when you just search on google.com? And you probably never think “Hey I need that on my site!”.
Security’s prevalence in the news, along with recent updates to various browsers, are why you need to think about adding an SSL Certificate to your site.
Unfortunately, we are at the point where people who don’t have “https” on their web sites are experiencing some tangible reasons why they need it. Right now if you have any kind of a login on your site your visitors are seeing this:
We get questions about that message quite often. We have even seen Chrome escalate to the error message to the right (“Phishing attack ahead”) if you don’t have a certificate and are letting people log into your site.
That fills the entire browser window and scares people to the point where they may never come back to your site. In both cases the fix is to add a server certificate to the site.
Chrome now displays that gray “Not Secure” message on every non-https page, and frequently displays a full screen “This Site Is Not Secure” message, forcing visitors to click a tiny “It’s Ok, I know the Dangers” link to access the site. Other browsers have similar messages they display for non-https pages.
It doesn’t matter what you have on your site, people are going to be afraid and leave when they see that message. It doesn’t matter if you have pictures of your cat, or if you are selling diamonds, visitors are going to see a red “Not Secure” message and probably leave.
The fact that everyone is on high alert for any kind of warnings these days makes this a pretty big deal. Site owners receive inquiries from visitors who see the message, and in those cases they don’t typically hear it from the first person who got the message. So traffic is being lost already and so far they are only in phase one of their plan.
It doesn't matter if you have pictures of your cat, or if you are selling diamonds, visitors are going to see a red “Not Secure” message and probably leave.
To be clear, there are about 1000 excellent technical reasons why you should have a certificate on your site and encrypt all traffic. Some are easy to explain, some are complex. There are all kinds of encryption levels, and options. Some certificates are free, some cost hundreds of dollars. Historically it was up to you, and was dependent on the type of information you had on your site. But in today’s internet, it is a must have, simply to keep from potentially scaring your visitors.
If we can help interpret any of this for you please let us know. There are a number of complexities that having a certificate can add to your site, and we have a lot of experience helping people through the process.
Google’s full policy on SSL can be found here: Moving towards a more secure web