So, there are BIG changes coming that could affect your website & you knew nothing about them!

Posted on

That's right, they're BIG, but before that ...

So I know people reading this may not be as geeky with all things web as I am, so I will try to make the following easy to follow and not loose you in the ones & zeros of the matrix (and to the geeks, I know they are not ones and zeros in the movie).

From January 2017 Google Chrome is getting serious about websites that don’t use encryption to keep you safe from the bad guys.

So I can hear you already saying ...
"umm ... Great, but is that it?".
... Well, Yes. But we need to stop and think about it for a second.

Do you know what encryption is?
Do you know if you're site uses it?
Do you know the sites that you visit are using it? Including this one?


The answer to that last one is yes I am 🙂

Do I care?

YES YOU SHOULD!

Why? well for one Google cares and that (lets face it) is a big point. If they are wanting you to use it (which they do) they are ranking your website in the search results on having it or not!

What will happen if I do nothing?

The answer to that all depends on your users browser of choice. If they are using anything other than Google's Chrome Browser, then not a lot (FOR NOW & will come back to this in a minute).

However, if they are using Google Chrome, the first effect of this is visitors could be put off from accessing your site, as Google Chrome will show a warning message, telling the visitor your website is not secure, before they see anything else on your website. Pretty big, right ?

Now, you may be thinking "well I 'know' my visitors are using 'X' other browser & I therefore don't care", now going to answer that "for now" part I spoke about before. If Google are doing it now with their browser, you can bet that the browser wars will not let them get one up on them & soon all of the browsers will follow, meaning even your visitors with their other browser will see a similar message, saying your website is unsafe and that they should turn around and run (maybe not so dramatically as that, but you get the idea).

OK, I need it then. What’s it all about?

In order to not be effected by this. You will need new layers of security known as HTTPS and SSL/TLS

HTTPS

The OLD HTTP – we are all familiar with HTTP coming up on address bars when we use a web address. It stands for ‘Hypertext Transfer Protocol’ and is the way that we ‘talk’ on the worldwide web.

The NEW HTTPS – note the extra 'S' at the end, stands for ‘Hypertext Transfer Protocol SECURE’. Regular users of sites such as Amazon will recall that it already appears and what it actually does is prevents eavesdroppers from seeing information that visitors to your site send to you or receive from you by encrypting it so that only the server can decode it.

As from January, this is how address bars will look ...

Unsecured Address (URL)

Secured Address (URL)

Using https however, does mean you need to add an SSL/TLS certificate to your hosting.

What is SSL/TLS?

SSL/TLS – those stand for Secure Sockets Layer & Transport Layer Security.

SSL has been around for a while and now the latest upgrade is known as TLS. They are both effectively stamps of approval that a website is secure and are officially referred to as certificates. If you go to a website that has no padlock on the address bar and change http:// to https:// the site will still load BUT without SSL/TLS a warning will be displayed by Google Chrome that even though you have requested information on a secure connection, the data is not being sent by that method and that the site may not be totally secure – many will heed the warning and move elsewhere!

So, what does this mean? It means you must provide information about yourself as the domain/website owner and the website itself. Once a certificate is issued it is installed on the server and provides these security benefits:

  • Identity authentication – the browser determines whether a web server is the right server and not an imposter
  • Privacy – information between the browser and web server is kept private by using encryption
  • Data integrity – messages between the browser and web server cannot be altered by others (for example during a ‘man-in-the-middle’ attack).
Once you obtain the right certificates your address bar will always show a padlock and always say https:// before your hostname.
As I have already said, Google is leading the way on this initiative and even if you don’t use Chrome or don’t think many people use it to access your website, you can’t afford for anyone to be suspicious about the authenticity of your website.

Google has issued an announcement that it plans to label ALL sites that only use http as non-secure as a step towards making the worldwide web a safer place.
As always I'm here to help you, so if you need advice or help with all of this, please contact me and I will help you with this big change and make sure you don't loose any visitors to your website and even money from doing nothing.

Leave a Reply

Your email address will not be published. Required fields are marked *