Layman SpeakObservationsTips and ToolsUpdates

Google shames non-SSL websites from Feb 2017

By February 3, 2017 September 27th, 2017 3 Comments
Non-SSL website, HTTPS, secured website, Google Chrome

Do you have non-SSL websites in 2017?

If your website doesn’t have a https, be afraid…

Why?

Google is shaming non-SSL websites from Feb 1st onwards

On Jan 31, Google will be releasing Chrome ver 56. (Google’s web browser)

Once updated, Google will slap your non-SSL websites (no HTTPS on your URL) with a label “Not secure” right next to your URL.

Right now, it only shows an innocent looking ‘info’ icon.
(See my website, feeling insecure, before purchasing SSL cert)

non-ssl websites can look like this
With version 56, it’ll start off by stating “Not secure.”

And to make your site look more prominent down the road, Goggle will give you a ‘FREE’ red exclamation mark like this.

no-ssl websites

What would non-SSL websites do to you.

If your business markets, promotes or sell product/services online, a “Not Secure” label can scare off most customers and potential clients.

Even if your business is legit, we just can’t shake off the thought if your site is:
– hiding malicious codes Trojan horse;
– hackers infested;
– safe for the user to provide any personal information.

In short, users will just hit the window close button with extreme prejudice.

All your hard work in building up the site, paying ads to bring traffic to your site, Social Media efforts, wasted.

Not worth it.

 

What can you do?

There are a few choices that I’ve researched and tried:

 

A. FREE SSL on your server

Yes, you heard it right.
Free!

If you host the website on your server and have an IT department, point them to www.letsencrypt.org for instructions to a FREE SSL cert.

However, you will need shell access. According to letsencrypt.org, it will make the process much easier.

Without shell access, the IT guy will have pull up the sleeves and dig in deep into this time-consuming exercise.

I doubt they will be nice to you for the weeks to come.

 

B. FREE SSL via your hosting provider

If you still insist on a free SSL via letsencrypt.org, ask if your web host provider can integrate Let’s Encrypt. It’s supposed to make the process easier.

 

C. Paid SSL – no frills

If your site is on hosted on your server, but you don’t have shell access (how come?):
​​​​​​​
Login to your Cpanel and look for SSL Wizard. It allows you to purchase an SSL cert for your domain.

I bought mine at USD$18. Note that this just for a single URL.
If you have other sub-domains (others.yourdomain.com, more.domain.com, and etc), they will not be covered.

You’ll have to purchase a wildcard SSL cert.

HOWEVER, note that images with an absolute link (www.yourcompany.com/images/photo.jpg) will not be secured.

It will show as Not Fully secure.

To fix that, change the link to a relative one (/images/photo.jpg)

The same “Not Fully secure” problem will show up if any non-SSL web services fetch data from beyond your site (link to FB live post, external analytics, etc.).

So, as long as you have absolute link and data fetched from non-SSL sites, you will need to fix each of them manually.

All of them.

 

D. Paid SSL – Hosting Provider
If your website is hosted by a hosting provider, just pay them to do all the work.

In the end, I purchase an SSL cert (yearly renewal) directly from them.

It covers all, including my sub-domains.

It’ll secure the whole site, just like one of the e-commerce site I ‘m managing.


Or you can look at the URL on this window, it has the Secure Icon. (Updated 3 Feb)

 

Conclusion?

I have tried the first 2 methods, and it was a huuuuuge headache.

For the no frills SSL, no doubt it’s cheaper, it doesn’t fully secure the site especially you plan to have sub-domains later on.

Pretty pointless.

I have asked for a refund for the no frill SSL purchased via cPanel and they responded within a day.

No questions asked.

From now on, we’ll just have to resign with purchasing an SSL cert as part of the online cost.

Web hosting + Domain name + SSL. The very bare minimal.

Have some time to read? This is where I got the original news.

Source: https://security.googleblog.com/2016/09/moving-towards-more-secure-web.html

Let’s Encrypt: https://letsencrypt.org/getting-started/

*First published on 18 Jan for our subscriber.*
Everything is possible!

Don’t have the capacity to do the above? Click here to contact me to see how we can help you.

Kok Wai

Author Kok Wai

Kok Wai is a content producing marketer, media trainer at Kelvin Sng Productions, a dad of two and photography contributor to multiple magazines. A sponsor of B60 Charity Run 2017, Kok Wai's goal is to help busy and ambitious business owner focus on running their business even with their limited time and lack of marketing know-how. He especially loves kids, playing the guitar, and exploring with software. You'll find him pondering on the exhilaration of securing two more good clients on a retainer basis. Connect with him on Facebook (thePF)

More posts by Kok Wai

Join the discussion 3 Comments

Leave a Reply

Do NOT follow this link or you will be banned from the site!