Here’s the skinny…
SSL is a way of encrypting websites to make them safer and less hackable. Google is already penalizing sites that DON’T have this in place. Things are about to get a whole lot worse for pages with logins and credit card forms come January 2017.
All WordPress sites have a login page, and thus, every WordPress site will need an SSL cert to meet this criteria.
Secure sites are identified by two things: https:// in your browser bar and, at times, a symbol or color denoting the status. Take ours for example. We’ve got full SSL in place on our website:
Is there a catch? Well, kinda…
Even if you’re using SSL you could still be penalized.
Your site has to be FULLY encrypted. That means those that are using mixed content security, forcing https:// on some pages and not others, will also get you into trouble.
Here is an example of a mixed content site that uses SSL on some content and not others. You’ll notice a lowercase ‘i’ here in a circle to denote more info. Some browsers use an exclamation point. If you click that you’ll see a note like this indicating the non-secure connection:
Not so bad? Well here is what Google will start doing as first measures in 2017:
Currently this change is restricted to Chrome, however, we’re going to see many browsers following suit. Google even gives raking boosts to sites that use HTTPS and has been doing so for some time now!
Even if you’re not using Chrome yourself you can’t afford to ignore this change. Windows remains a major player in the professional office space. The same can’t be said for its default browser Internet Explorer. In May of 2016 Chrome surpassed Internet Explorer to become the most used browser of desktop users with 41.3% of tracked traffic. This means that you’re turning off a huge portion of site visitors by not getting on board with the change.
You can get the details on the Google announcement here as well as a few more visuals on the proposed immediate changes. Long term we could be looking at something like the current the big red screen warning for those not in compliance:
So what do you do about it?
First, don’t panic. SSLs aren’t beginner territory, but they can be conquered with a little guidance and help. There are some free SSLs out there. In fact your host may even offer one and there are plenty of paid options. Not all SSLs are the same so you’ll have to be very deliberate in selecting one that is best for your content. The important thing is that you do indeed get one. The announcement does not state it will favor one type over the other.
We’re talking to our clients about this and felt it was important to let you know as well.
If you want to talk to someone about getting help to determine your options for SSL and getting your site 100% encrypted then drop us a line at [email protected].io.