Your Website and Changes to Web Browser Security

The future of web browsing and security is changing. Yet many websites owners are still in the dark about changes Google Chrome and Mozilla Firefox are already pushing out to their web browsers.

These security changes will “tighten [the] noose on HTTP” and make it essential to install an SSL certificate on your website. While we’ve all grown accustomed to experiencing this peace of mind on banks and e-commerce sites, web browsers are going to soon be penalizing any website without a basic level of security in place.

Background

Google Chrome, by far the most popular web browser on desktops, announced last September they would be “moving towards a more secure web” by indicating the connection security in the address bar. Sure enough, early this year the browser started labeling any webpage with a login function, credit card entry form, and more as “Not Secure” without the proper security in place.

 

Starting in October, all web pages without an SSL Certificate installed will appear as “Not Secure” next to the link in the URL bar. In other words, if your website doesn’t present an “https” with a lock next to the url, all webpages on your site—not just pages where visitors can enter information—will display the warning and scare off potential clients or customers.

What This Means

Imagine you’re browsing Google to find a therapist for your child and settle on a private practice after a half-hour of research. You’re about to enter your information into the contact form and notice the “Not Secure” label next to the URL. Does a warning on the website to not transmit sensitive information make you feel better? Maybe. But what if the website instead advertises the connection is secure and the familiar lock is displayed?

It’s not hard to consider a scenario where the latter instance converts more hard-earned website visitors to customers or clients—regardless of your industry and what type of information is being exchanged on your website.

How to Fix It

Installing an SSL Certificate is generally a budget-friendly process, but can be technical in nature depending on your website platform. SquareSpace users are especially in luck with a free solution integrated into every account.

Many hosting companies for WordPress sites also offer a free SSL certificate using Let’s Encrypt—these are the current hosts who offer the service out-of-the-box without diving deep into a technical rabbit hole; simply ask customer support or your web designer for help if your host is on this list. Note this option isn’t preferred for e-Commerce sites and also shouldn’t be viewed as HIPAA compliant. It does, however, offer a basic (and free) layer of protection to better secure your website and the sharing of information.

WordPress owners not on the list or people using another platform still have options. Plenty of third parties like GoDaddy and NameCheap offer basic SSL Certificates you can apply to any website. Your specific host likely also offers a host of options. While most customer support teams can help get everything implemented, it’s never a bad idea to receive guidance from a web designer or webmaster-type before plowing ahead to save time and energy.

What Else Should I Do?

Malicious attempts to hack into the admin area of websites are a constant threat. In fact, most websites experience some type of hacking attempt every day by automated bots. Stay tuned for an upcoming blog post on going a step further to secure your login pages and signup to our newsletter to never miss an important update.