There’s no excuse not to secure your website
Green padlocks are all the rage these days! Every website needs to be secured. Is yours? It should start with https:// and not just http://.
This is likely not something you’ve thought of as you run your online business. You have a website, you’re making pretty decent money, so why do you have to be concerned with all of this techie stuff?
What’s the problem? The website still loads, right?
Well, here’s the problem. (and I promise that I won’t get too technical)
The information that your visitors send you isn’t protected from prying eyes.
That’s right. Unless you have a secured website, the information sent to your website can be read by any system in transit between your visitor and you. Secure websites encrypt this information so that it cannot be interpreted by anyone other than the person to whom it was intended.
Here is a silly analogy that might explain this better. Suppose you are back in junior high school and, while class is in session, you wanted to send a secret note to your crush. Your crush is on the other side of the classroom and you have to pass it along to the other students in order to deliver the note. Would you take the chance of writing the note in plain English so that your classmates could read (or alter) the contents? Or would you use a code language that only the two of you could understand?
Okay, that may have been a very lame analogy, but you get the point. A secure website uses an established protocol to verify the site and encrypt the information.
“But my visitors don’t send me anything!”
Perhaps, but I bet you have a form. And aren’t you asking for the visitor’s name, email address, and (sometimes) telephone number? Most people will not supply this information willingly unless they trust the asker.
And if you take payments or collect shipping information, it’s even more imperative that you have a secure website. (almost embarrassing if you don’t)
… and you just look bad too!
Even if you don’t have a form or collect any information, you are still penalized if your website is not secure.
Google, the king of the internet, will smite you. (slight exaggeration)
First, they will lower your ranking in the search engine. And this makes sense. If you cannot prove that information will be protected, why should Google recommend you? No matter how awesome your content is, secure sites will get priority over yours.
And your website will be labeled.
You can tell if a site is secure with the green padlock in the browser window.
But an unsecured website will not have one.
And here’s is how Google Chrome will flag non-secure websites in a future release – with a big red warning!
Okay, you’ve convinced me. What do I do?
Get an SSL Certificate
An SSL certificate validates the domains and encrypts information sent between the browser and the website through an encryption key. Think of it as a rubber stamp to prove that you are who you say you are.
Who issues SSL certificates?
A certificate authority does, and there are many of them. (They provide the stamp) Examples of certificate authorities include Let’s Encrypt, Entrust, Symantec, and GlobalSign.
There are actually 3 kinds of certificates
- DV – Domain validation
- The quickest, cheapest, and easiest to obtain. Only required validation of domain ownership, but is the lowest form of validation. You can get a DV certificate for as low as $10/year or even free. This takes only a few minutes.
- OV – Organizational validation
- Requires paperwork to verify the organization. OV certificates are more expensive than DV certificates and this process is completed within a few days.
- EV – Extended validation
- This is the highest level of validation and is the most time consuming and expensive.
- It verifies the legal status of the organization and can take a few weeks to complete all of the checks.
- Once completed, it will display the organization’s name next to the green padlock.
Example of a website with an EV certificate.
For most websites, a DV certificate is fine as it provides the same level of encryption as the others.
If you are collecting payment information, use a payment gateway, such as Paypal. Your customer would initiate the purchase on your website, but be redirected to Paypal to enter their credit card information. Paypal will then redirect the customer back to your website. The benefit is that PayPal is secured with an EV certificate. Stripe, Google Pay, Apple Pay, and Amazon Pay are a few other alternatives.
Getting a Free SSL Certificate
Most of the popular hosting companies offer a free SSL certificate. Siteground, the hosting company that I use, is one of them. And the process takes only a few minutes.
If you are doing this yourself, the option can be found in your cPanel. If not, contact customer support.
Lastly, if all of this still confuses you, contact me and I’ll do the installation for you.
Wishing you much success online!