You’ve probably been hearing how Google is strongly stressing website owners to have SSL. You might have seen address bars with “Not Secure” within Chrome, or websites with warnings on it. Months ago, warnings weren’t a thing, but Google is cracking down on websites that don’t have SSL. Google’s been warning about this, and so have we, here at WP Fix It.
Google started plans toward a more secure web, in September 2016. In January 2017, The Chromium Project, behind the Google Chrome browser, implemented the “Not Secure” warning in the address bar, as the start of this plan, especially for websites that contain passwords and credit card fields. For the WordPress user, your website has you log in, so even if the front of your website wasn’t HTTPS and didn’t have a warning, if you logged into your WordPress admin area, you’d see a “Not Secure” in the address bar of the Chrome browser.
Google posted in April 2017 that they would execute the second step in their secure web plan, in October 2017. This plan is that when someone visits a HTTP site, that Chrome will add the “Not Secure” label in the address bar for any page containing input fields for forms, or when visiting a site in incognito mode.
[Credit- Google Online Security Blog – Next Steps Toward More Connection Security]
Aside from that, already various WordPress website owners and other types of webmasters too, have been receiving emails from Google Search Console about input fields not being secured.
[Credit: Search Engine Land – Google emails warnings to webmasters that Chrome will mark http pages with forms as ‘not secure’]
So, what does this mean for you as a website owner? Should you have SSL on your WordPress website? Here’s some reasons why you should have it, why you really have no excuse, and a bonus (more of a reminder) on security.
Why You Should Have SSL
SSL allows your information to pass through your internet browser and onto the web server using encryption. This means that if there’s a hacker trying to get information from you, they won’t be able to easily steal that sensitive info.
From experience, a lot of our infection cleanup clients at WP Fix It use similar passwords throughout all of their logins, whether it be WordPress, their web host, Paypal, and even their bank! That’s pretty scary, and perhaps some of you who are reading this, might be participating in this unsecure password behavior. With SSL, this is encrypted so it cannot be deciphered easily by any bot or hacker.
Another reason to have SSL is for site speed. HTTPS/2 actually can speed up your website. Back in the day, HTTPS used to be known as a website speed killer, but technology has gotten better over time. Try testing the difference of HTTP versus HTTPS here.
Lastly, think about your website visitors. Shouldn’t they feel safe on your website?
Oh, but there’s one more…
There’s No Excuse
Technology today has made it possible that ALL website owners can have SSL on their website at little or no cost. Again – little or NO cost. Google isn’t doing this to control you. It is to help you realize that you need to create a safer experience for your user.
Sure, SSL certificates can get expensive. However, if you have a blog site, you can get by with a free SSL certificate from places like LetsEncrypt, or Cloudflare, or AutoSSL in WHM/cPanel. You can invest and get an SSL for as little as nearly $10. For websites that are selling items, investing in a SSL certificate that provides adequate insurance can cost $89 to even $169. There’s an SSL certificate for nearly any type of personal or business website.
Aside from cost, or lack of, there’s a ton of information out on the Internet on installing an SSL certificate, and even getting your WordPress site to become HTTPS. If you’re dangerous enough with code, you can try setting up your own SSL on your website. Your web host may have some tutorial on installing SSL on your website. However, if you’re not code savvy, WP Fix It can help. Check out our WordPress SSL HTTPS Setup Service if you need our help.
SSL + Security Plan
As a note, it’s important to make sure that even if you do have a website that is SSL, that you also have a security plan in place, or everything falls apart. You can still have malware on content injections pop up. When you get your SSL certificate, make sure your website is clean by using a security plugin or online malware scanner, like the ones listed in this article.
Don’t have the time or want to learn how to clean and secure your website, WP Fix It can help with that too. If you need us, our infection cleanup service can do the job.
In the next coming months, hopefully you will consider changing your website over to HTTPS. If you have questions, feel free to ask.