Google Chrome recently released their new requirements for website security. Starting in January 2017 all websites that collect user information will be required to use ssl secured https instead of http. Any website that does not follow the new guidelines could be flagged as being “not secure” in the website address bar. See Pic:
What is the difference between http and https?
HTTPS URLs begin with “https://mywebsite.com” whereas HTTP URLs begin with “http://mywebsite.com”
HTTP is not encrypted and is vulnerable to man-in-the-middle and eavesdropping attacks, which can let attackers gain access to website accounts and sensitive information, and modify webpages to inject malware or advertisements. HTTPS is designed to withstand such attacks and is considered secure against them.
What types of websites will need ssl “https” protection?
Websites that have or run the following applications should have https protection.
- Ecommerce websites
- Websites with Login zones (client login as well as admin logins zones)
- Websites with Contact Forms or other forms that collect user information
- Websites that offer downloads
What are the benefits to switching to https?
There are numerous benefits to switching from http to https including:
- A more secure website that is less vulnerable to attacks and protects your users information.
- Google looks favorable on websites that use https and will tent to rank them higher in search results.
- Your clients will feel more comfortable using your website
- It is good website/internet practice.
Is there a cost to getting an ssl certificate for my website and switching to https?
Yes, an ssl certificate would have to be purchased and put onto your website to make it secure. Depending on the type of encryption needed, the can cost between $60-$200 per year.
Most website just need the basic ssl for $60 per year.
There is also an initial fee for wrapping the new ssl onto your website. The price for this will vary depending on the size of your website and how much content or “urls’ need to be changed from “http” to secure “https”.
Is it mandatory that I secure my website?
Our answer to that would be yes. All website should be secure. However, if you run a basic website that does not collect user information and you are not concerned about your users seeing a not secure warning in their address bar then you would not need to get https protection. Though we would Highly recommend that you do.
All of our clients will be receiving emails over the next week with more information. If you have questions feel free to contact us : 920-723-1224