SSL Certificates are Now Required by Chrome

Update: January 9, 2017

Google has finally rolled out changes in Chrome that make the fact that you don’t have an SSL Certificate glaringly obvious to your visitors. Elegant Themes has posted a nice piece about it, but this is what it looks like…

SSL Certificates Let's Encrypt

 

You definitely don’t want your visitors to see that. At Blue Sky Digital Strategy, we include a Let’s Encrypt SSL Certificate on every website, along with several layers of security to keep the bad guys out. That being said, NO site is unhackable.

 

SSL Certificates Encrypted Website

 

We’ve known that Google has been including the use of SSL certificates as a ranking factor in it’s ranking algorithms since 2014. Matt Mullenweg of Automattic recently jumped on the bandwagon by saying that WordPress is moving towards requiring an SSL certificate in 2017. New features will be introduced in WordPress which require hosts to have HTTPS available. Mullenweg also indicated that WordPress may begin requiring PHP7 sometime in the near future.

What is an SSL Certificate?

A Secure Socket Layer (SSL) certificate is basically a means to encrypt the link between your browser and your server. SSL used to be difficult to implement and slow. Modern browsers are increasingly efficient at handling it. The success of projects like Let’s Encrypt have made getting a certificate to secure your site fast, free, and something every host should support by default. Google has begun flagging unencrypted sites in Chrome.

A great article from Motherboard.vice.com shares that “HTTPS doesn’t just protect user data, it also ensures that the user is really connecting to the right site and not an imposter one. This is important because setting up a fake version of a website users normally trust is a favorite tactic of hackers and malicious actors. HTTPS also ensures that a malicious third party can’t hijack the connection and insert malware or censor information.” They also quote Parisa Tabriz, Google’s security engineering team, who tweeted that Google’s intention is to “call out” HTTP for what it is: “UNSAFE.”

Here at Blue Sky Digital Strategy, all of our websites are SSL enabled by default through Let’s Encrypt. Drop us a line today if you’d like to chat about enabling an SSL certificate on your website. We are already also using PHP7 for all of our websites.