This topic came to mind as it is something I’ve been dealing with myself at the moment, so I wanted to pass it on to all of you as well. A Google security blog post announced that in July 2018, Google will begin marking all websites that are not encrypted with SSL as “not secure” in the Chrome browser, which currently accounts for about 60% of all web browser usage.
What the Heck is SSL?
There are many websites out there that can explain the technical details of SSL to you much better than I can, so I’m going to stick with the basics because it’s all you really need to know. SSL is a security method for creating an encrypted link between a web server and an internet browser. When a website has SSL encryption, the web address starts with HTTPS, instead of just HTTP.
When HTTPS is correctly implemented on a website, most modern browsers show some sort of padlock at the top of the page next to the URL bar. In chrome, it also has a green section with the word “Secure”. In July 2018, this will read as “Not Secure” for any website that hasn’t implemented SSL encryption.
Why are Google Doing This?
They mean well, and they are on a quest to make the internet more secure. Encryption protects user data, and SSL has been used for many years in online stores to protect credit card data when it is passed from your computer through to an online store where you’re making a payment. Google wants all data to be more secure, so they are doing two primary things to push more website owners to implement SSL:
- They are prioritizing SSL encrypted websites in search results. If you implement SSL, you’ll get a nice boost in your SEO.
- They will soon mark non-SSL encrypted sites with the dreaded “Not Secure” mark, which will inevitably freak out web users and push them away from your site. Most people won’t understand exactly what it means, or care that your site has been the same for many years. But they’ll see the “Not Secure” mark and possibly not want to stick around any longer, or fill out your contact form to get a quote. As more and more sites get secured, a non-secured site will really start to stick out!
They are on the right track. Since announcing these two things there has been a sharp increase in websites adopting SSL, and at the time of writing this (early 2018) 73% of web traffic is now served over HTTPS.
Do YOU Have SSL Already?
Some of you might be wondering whether you already have encryption on your photography website. This is easy to test! Simply head to your site and look in the URL bar. Does it say https://yourwebsite.com or does it say http://yourwebsite.com? Hopefully it’s the former, and if so, you’re all set.
If SSL is correctly implemented on your site, you should also be able to type the old HTTP address and see that the browser actually redirects you the HTTPS address. This is important, because you might have links to your site all over the web that use the old HTTP address, and you need your website to automatically redirect people to the secured HTTPS version of the page now.
How do You Add HTTPS/SSL?
Oh boy. This is quite the question but if you have checked and seen that you do not already have it, then this is something you’re going to have to tackle. If you’re using a hosted web platform such as Photoshelter, Wix or Squarespace then it’s just a matter of enabling the option in your security settings.
Imagine that, a setting in your security option that literally boosts your SEO! Pretty awesome, right?
If you are using a self-hosted WordPress website then things are a little more complicated and you’ll have to make a choice based on how WordPress-savvy you are. For many people, the first port of call should simply be to talk to your web host (Bluehost, Hostgator, GoDaddy etc) and ask them if they have a service to implement SSL. At the very least, they are going to need to set up an SSL certificate on your server, but at least you can get a free certificate from Lets Encrypt. Once that is done, I found this particular guide to be an excellent resource for making the switch to SSL on WordPress. Be warned though, there are several steps in the process that can definitely screw up your website if you do it wrong. Always make sure you have a full backup of your site before attempting it! If you aren’t confident, then I definitely recommend finding a good WordPress developer to do the process for you.
What Happens After July 2018?
I don’t want people to panic about this; your website isn’t going to implode on July 1st. Presumably you have a website to share your photography and market your business though, and as each day passes, at least some of your competitors are likely taking care of this problem and receiving a nice boost in search rankings. It might be hard to quantify, but if your website is a serious marketing tool for your business then not switching to HTTPS/SSL is going to start costing you money at some point.
If you’re not using your photography website to make money – perhaps it’s just a way to share images to the public – you can probably treat this with a little less urgency, but I wouldn’t brush it under the carpet. As time goes on I expect other web browsers to follow Google’s lead, and I also expect Google to eventually implement even more prominent warnings about unsecured sites.
Have you already made the switch? Share your experience below in the comments please!