As business owners, we’ve all probably heard by now that it’s a good idea to install what’s known as an SSL Certificate into your website, with scaremongering techies like me telling you that:
- It’s a good idea.
- Google might one day penalise you.
- No, really, it’s a good idea!
It’s not that we are wrong.
Yes, from a trust perspective, a padlock is going to reassure users, and more and more users care, as they become aware that there might be an issue.
Yes, there are good technical reasons why if everyone gets an SSL certificate, the web is generally a lot safer for users, as cyber-criminals have a much harder time of intercepting your activity.
Yes, it’s even a requirement for GDPR! Although no one really shouted about it. If you have a form on your site, GDPR will tell you that the name, telephone number, email and message that is transmitted is actually personal information. Install a SSL certificate and that info is encrypted. Don’t bother, and it’s plain text all the way from where they are to where your server is.
But up until now, there’s not been anything that you can’t do if you don’t install a certificate. And very little down side if you ignored it – at least downside that you’d be aware of.
This is changing
Effective this July (2018) Google will mark all sites without an SSL certificate as “Not Secure” in Chrome. If you want to read more about it, type “July Google SSL” into your browser, but needless to say, this will send a message out to your customers. Your site is “Not Secure”. What will they think about that?
This has changed
Of course, you already get a slight search advantage for having an SSL certificate installed. So you already had a good reason to do it. But this is a little more obvious.
But if you would like another reason to get this sorted out, it comes from Facebook.
Facebook has always been a great tool for businesses, and one of the most requested features we install on our client’s WordPress websites is the ability to allow the site to post any news articles put on the site straight up to Facebook too. In order to do this, you have to create a Facebook app that allows the connection between the site and your Facebook page.
It’s easy to do.
But it’s actually impossible now, without an SSL certificate. Facebook are no longer allowing you to transmit unencrypted data from your site to theirs. They will argue that there’s a risk it could be tampered with on the way. But whatever the likelihood, there’s no changing them. No SSL, no auto posting.
When you follow this to its natural conclusion, you’re going to see a whole load of other services who will start to take a stronger line when it comes to unsecured sites. What if Facebook stops you driving advertising traffic without an SSL certificate? What if Google Analytics stops working? What if that really important plugin you use for your podcast, your CRM, your online order form, etc etc, stop working?
Really, if there was a time to do it, it’s now. This is not going away.
How to do it?
Costs? These days a basic certificate is free. There are more premium certificates, but you don’t need one for simple sites. And administering the on-going certificate (they need renewing like domain names) will cost no more than a few tens of quid a year.
The big cost is the on-boarding, as this can get pretty hairy.
For a simple site, it’s usually not too bad. You install the certificate and test it. You create a staging site running through the certificate so you can see if the site still works. You put in place redirects to make sure all traffic is being routed to the secure version of the site, and you do a scan of your database to make sure there are no hard-coded non-secure resources. You then put the site live on the secure channel.
Clearly that’s all Greek for a non-techie, but it’s not an impossible job. It would normally take an hour or two if everything goes well, and a day if it doesn’t!
For a big site, it could be a right pain in the… But then bigger sites probably already have a techie on board thinking about these things.
I believe this is a good step for the web. So I am prepared to offer any new client who comes on board with WP Aid and quotes “SSL” during sign-up, a free SSL onboarding task as part of your site on-boarding.
And because I hate offers that exclude current customers, I’ll offer an SSL implementation project as a standard monthly task for any of our current customers too!
(Both of these offers are subject to the ongoing payment of the SSL certificate admin fee mentioned above as part of your package – the implementation project is the offer. And this offer can’t be used in conjunction with other offers. Here ends the T&Cs!)
If neither of these options suits you, drop me a message, and I’m happy to try to answer any questions you might have about your own situation. Just don’t leave it too long – things are crumbling around us, and there’s a point where the buildings will start falling into the sea…