Have you noticed a “not secure” warning showing up in your website address bar? Are you wondering why it’s displaying there?
Well, Google has quite aggressively started to communicate the HTTPS status to users by identifying those that don’t have an SSL certificate, with a not-secure warning. We probably don’t have to tell you that this isn’t a good thing; it doesn’t look great and it can stop people from visiting your site. In this article, we will address exactly what the secure warning means, how to fix it and the advantages of doing so.
What is the warning?
You might have started seeing the “not secure” warnings rolling out lately, don’t worry…you’re not imagining it. Google’s new update means that they’ve started to let everybody know when the website they are visiting is not HTTPS enabled.
What this tells users is that a hacker could look at the data they have inputted into the site; things like passwords, addresses and card details could all been seen. A hacker could even, in some extreme cases, hijack the connection or redirect the user to a malware-laden page.
For obvious reasons, people are circumspect of a not secure website, some even choose not to stay on the website.
What it means for your visitors
So, we touched on it briefly in the point above, but your visitors will not like this warning.
Internet users are told to look out for these not-secure warnings. If they see them, they’re advised to not enter any kind of sensitive data and, in some cases, exit the page.
Users are becoming more cautious and more cognizant of the issues on the internet, scams and viruses are a worry for them, and it is, in complete fairness, your job to make them feel safe and to make them feel like they can trust your website.
What does it mean for you?
If you own a website, and it shows a “not-secure” warning, you could be losing out on a lot of traffic or revenue.
If you run any kind of e-commerce website, your users will most likely not be entering their card details on your site, and they will ultimately look elsewhere for the product. This means you lose out on revenue.
If your business relies heavily on traffic, a not-secure warning could be affecting this too. Users may not re-enter your site because of the not-secure warning, and your website could possibly be showing up lower down on the search results as a consequence.
How do I fix it?
By now you’re probably in agreement that you need to fix it. The good news is; it’s pretty easy to do.
You need to get an SSL certificate, which is basically something which stops all suspicious activity on your website. It binds the domain name with the organisation identity, which will activate a padlock and make that undesirable “not secure” in the top left, completely disappear.
You have an option to get a free SSL certificate or a paid one. Both have their benefits, but we recommend a paid one.
The benefits of doing it
To begin, you will get the convenience of being labelled as “secure” in the address bar – and that really can’t be faulted.
You’ll also (most likely) be ranked high in the search results, as being secure gives Google a good reason to boost you up there. This is great for businesses that heavily rely on traffic for revenue.
Users and visitors will also be more inclined to enter their bank details and address, which is a necessity for e-commerce sites.
Last but not least, and kind of the whole point of an SSL certificate – your website will be protected against scams and viruses.
Will you run into any problems?
A lot of people put off making their website secure because they don’t really know how to do it and are scared it will change their site.
A lot of questions we get asked are; “will it lower my ad revenue?”, “How do I do it?” and “will and SSL certificate affect how many visitors I get?”
Redirecting a website to HTTPS isn’t hard at all, your visitors won’t be affected (in fact, it might benefit you) and it shouldn’t lower any ad revenue.
Is it difficult?
No, not at all. If you choose a free SSL you will have to renew your certificate probably about every 90 days, which isn’t extremely convenient. This is one of the reasons why we recommend a paid SSL certificate.
With a paid SSL certificate, you have different options, the renewal process is super easy, you’re protected with a warranty (if anything does happen on your site, you’re entitled to a pay-out) and, quite importantly, you will get customer support, which makes the entire process monotonous.
Achieving a secure site, in short, is an easy and beneficial process which you should absolutely do.
Can I get help?
Of course, with paid SSL certificates, customer support will always be there to offer you helpful advice.
If you feel like you need a little bit more help, you can use a technology partner, they will help you with all your technology needs. Avalon Hosting Services will help you with anything you could possibly need revolving around your website or tech problems. They don’t let you rack up a costly bill either.
To summarise, if your site is showing a “not secure” sign, you need to invest in an SSL certificate, as soon as possible. You can choose from a free SSL certificate or a paid SSL certificate, and you can get help as you go along, either from customer services or a technology partner.
Comodo CA Is Now Sectigo
The world’s largest certificate authority Comodo CA is now Sectigo and will move forward with the new and existing products/solutions to protect your customers, employees, websites, intellectual property, and overall interests from online threats. All products will transition from Comodo brand to Sectigo brand name. e.g Comodo EV SSL is now Sectigo SSL EV.It’s still the same company that has issued over 100,000,000 SSL certificates in more than 150 countries.
Do I need to make any changes to Comodo CA products?No. You do not need to make any changes until they are due for renewal.
Will my support change?No. You will receive the same expert service and support.
When will the name change and rebrand take place?The rebrand change took place at the beginning of November 2018. We will continue to update you on all updates as Comodo CA transitions to Sectigo.
What will happen to the Comodo trusted roots?
Comodo Certificate Authority roots will remain trusted. Any newly issued certificates will continue to have a Comodo root until the new brand is established.
Do I need to change my Comodo TrustLogo to a new trust logo/site seal?
Yes. A new trust logo will be provided following the Sectigo launch. We will update you when this needs to be done.
Will Comodo continue to show as the Certificate Authority in web browsers?
Yes. Comodo will continue to be shown as the Certificate Authority in browsers until the rebrand is complete.
If you have any sales or technical questions regarding SSL certificates, from Sectigo or another provider, please don’t hesitate to contact our team.
Free SSL Vs Paid SSL Certificate
Security for online users is, to say the least, very important. We’re in quite a scary time, where hackers and fraudulent activity online are becoming ever growing issues every single day. We really don’t mean to scare you, that being said, we do believe that we website owners should use this concern to help them. An SSL certificate has become almost necessary for any website now, being used as an incomparable weapon against any suspicious activity online, as well as helping with your search engine rankings. Not bad. So, you can confidently say that you need an SSL certificate, but what type? There are two types; free and paid. To summarise, we think the best option is the paid SSL certificate, but you can’t just take our word for it, right? So, below we have provided you with all the reasons why you should choose the paid option.
What is an SSL certificate? Basically, an SSL certificate binds together a domain name with the identity of your organisation, think, the name of your company or location. When you have installed your SSL certificate on a web server, it will activate the padlock, allowing secure connections from a web server to a browser. You can check if a website has an SSL certificate by looking at the address bar, once on the website. If you see a padlock, then the browser connection to the server is secure. If it says “not secure”, it does not have an SSL certificate. An SSL certificate will protect all your sensitive information, things like credit card information, passwords, and usernames. Many users will, rightly, opt to not stay on websites that are not secure too.
What is a free SSL certificate? As you probably assume, a free SSL certificate is one that you do not have to pay for. However, there are more differences between a free SSL and a paid SSL than just the price. The whole purpose of a free SSL certificate is to make them available for everybody, no matter the budget, which (we admit) is great. You can choose between ‘self-signed certificates’ or ‘signed by a certificate authorities’ SSL. A free SSL certificate will provide the same level of encryption as the paid SSL certificates.
What are the pros of a free SSL certificate The main (and slightly obvious) proof a free SSL is that you don’t have to pay. This gives start-ups and low budget organisations the accessibility to a secure server. Free SSL certificates do offer very similar protection, but there are a few issues and faults, which may make you more inclined to choose the paid option.
What are the cons of a free SSL certificate> They’re a little inconvenient – you have to renew your certificate a lot more regularly, perhaps every 90 days, sometimes less.> Free SSL doesn’t protect subdomains. So, if you have a sit with a number of different subdomains, you will have to pay for your SSL certificate. > You won’t get the customer support. If anything goes wrong, or you’re unsure with something, there’s no immediate help that will be there for you.> They are unsuitable for e-commerce. To make customers trust your business and, thus, make purchases, we would advise a paid SSL certificate. In order to be able to secure credit card and personal information, you cannot use a free SSL certificate.
What is a paid SSL certificate?Yes, you guessed it, you will have to purchase these types of SSL certificates. With this purchase, you will be issued with a secure SSL certificate, which will be signed by a respectable certificate authority (CA). You can purchase these certificates directly or through 3rd party sites. Though it is true that, in terms of the level of encryption, a free SSL certificate is very similar to a paid SSL certificate…so you’re probably asking; “why would I pay for something I could get for free?”. Well, the differences between the two will justify the payment. We promise
Pros of using a paid SSL certificate > Your customer will trust you more. When you have a certificate issued by a respected, trustworthy Certificate Authority, makes a website just seem so much more reliable. Customers and clients will feel safer using your website and purchasing from your e-commerce store. > You have different validation options, something you don’t get with free SSL certificates. These are Domain, Business, and Extended Validation. You also get to choose from different certificate types: Wildcard, One-Domain, and Multi-Domain. These allow you to pick the best one for your website, your needs, and your complexities. > The renewal process of your paid SSL certificates is a lot more convenient. You will only have to renew every two years, meaning your business and website will run smoothly and stay secured. > You’re also protected. When you purchase an SSL certificate, you will get a warranty which covers you for any damage that might incur. So, if your website, unfortunately, got hacked or there was a data breach, you could be entitled to a pay-out. A free SSL certificate does not offer this. > You’ll also get customer support. This is just an extra bit of security and peace of mind for you.
Why you should choose a paid SSL certificateObviously, free SSL certificates seem like a great, cost-effective solution, especially for independent, small websites at the beginning of their journey. However, paid SSL certificates grant you more flexibility, benefits, security, and support. If you have a big business or e-commerce site, in our opinion, there isn’t much to think about. A paid SSL certificate will help your business accelerate, your customers will trust you and keep coming back. You should consider this as more of an investment than a purchase.
Perception is everything—especially when it comes to building trust online. The good news is you have a lot more control over your image than you think. SSL Certificates are one of the easiest and surest ways to prevent your visitors from jumping to the wrong conclusions by showing visible proof that you can be trusted. But, you have options that drive varying degrees of confidence. So, how do you know which makes the most sense for you?
Keeping It Real
Let’s start with the basics. If you’re like most business, it’s easy to get blindsided about all the recent press about encryption leading up to Google’s July 1 deadline. Sure, this is an important, and essential, part of your online presence. That’s why all SSL Certificates provide encryption. But, it’s not enough.
Ultimately, your visitors want complete confidence that the party on the other end of their connections is legitimate. While all SSL Certificates provide some level of validation, there are important differences that impact whether your visitors continue to engage with you or click over to a competitor.
The Proof is in the Validation
Did you know that, according to a Tec-ED survey, 77% of online buyers were hesitant to shop on a website without Extended Validation (EV) SSL—the highest level of authentication? So, what exactly is EV, what are your other validation options and what does each mean to your visitors and your business? Let’s take a closer look.
Domain Validation (DV)—With a DV SSL Certificate, all you need to do is validate you own the domain. While this is the simplest and fastest option, it doesn’t give your visitors clear confirmation of who’s really on the receiving end of their data. In terms of credentials, think of it as getting a library card. You don’t have to prove your identity, you simply tell them your name and they take you at your word. DV may be sufficient if you host a blog, you’re a one-person shop, a company that’s already well-known and trusted, or just need encryption.
Organization Validation (OV)—OV SSL Certificates require a little more screening. You’ll be required to provide up-to-date documentation that shows your company or organization is legitimate. Visitors can click the site seal that comes with the certificate to see your organization details, giving them a comfort level that you’re who you say you are. We equate this to getting a driver’s license which requires you to supply documentation to confirm your identity by multiple sources in your country of origin. OV should be the minimum protection if you operate an e-commerce site and want to ensure visitors you’re legitimate and trustworthy.
Extended Validation (EV)—EV provides the absolute highest level of validation. The vetting process is more thorough and includes in-depth documentation, as well as phone calls, to validate your organizational, physical and operational existence. More and more visitors are looking for visual trust symbols and the Green Address Bar—the most universally recognized symbol of trust reputability on the web—is only available with EV. Plus, visitors can click and view more certificate details, including the issuing Certificate Authority, to maximize credibility. EV is comparable to a passport. While issuance is a bit more involved and takes a little longer, it provides proof of your identity across the globe. If you’re a national or global brand, looking to maximize conversions and want to make it clear your visitors’ security is a top priority, EV is the way to go.
Confidence Leads to Conversions
When’s the last time you did business with someone you didn’t trust? Your visitors feel the same way. It’s up to you to clearly show them their information is protected and that a third-party trusted authority has confirmed that you’re, in fact, you. Choose the right SSL Certificate and let it do the confidence-building for you. Still not sure which one is best for you? Contact us and we’re happy to help you find the perfect fit.
The rules have changed about what good website security means—starting with a new minimum requirement for all website pages to support encrypted connections. The good news is you’ll gain other valuable benefits by adhering to this new standard. First, let’s get on the same page by reviewing a few basics.
When your customers land on a web page that’s not protected by any type of SSL Certificate they’ll see http:// at the beginning of the website address in the browser bar. This used to be perfectly fine unless your webpage involved a login ID, password, form or payments. Enter the era of mega cybercrime.
HTTP has one glaring flaw—it’s not secure. Any information transmitted via an HTTP connection is vulnerable to being tampered with, misused or stolen. Your visitors deserve to know any data they share with you is safe from prying eyes.
Installing an SSL Certificate changes the browser bar address to https:// to clearly show visitors the connection is encrypted, meaning the server is authenticated and data is protected in transit. No wonder web browsers have made HTTPS the new standard for website security.
HTTPS Is Good for Your Bottom Line
Enabling encrypted connections is one great reason to protect your website with an SSL Certificate. But, it’s not the only reason. Here are some other ways HTTPS brings value to your business.
Speeds Up Performance—Being the slow kid on the block and the last one picked for dodgeball is a bummer. Being slow online could cost you everything. HTTP is being replaced by a newer faster version—HTTP/2. Encrypted connections are required to unlock the latest speed and security features.
Increases Search Engine Traffic—Google includes SSL as a ranking factor. How’d you like to boost your search visibility up to 5%? Be found above the competition by encrypting every page of your website.
Enables Mobile Options—Salesforce reports 71% of marketers believe mobile is core to their business. Mobile’s most popular features—geolocation, motion orientation, microphone, fullscreen and camera access—require HTTPS to be enabled by most browsers
Protects Your Brand Reputation—A recent CA Security Council Report shows a mere 2% of customers would proceed past the “Not Secure” warnings that are due to kick in July 1 for all webpages without HTTPS connections. Show visitors your brand values their security by protecting your website with an SSL Certificate.
Delivers a Seamless Experience—Don’t let visitors engage with several pages on your site only to be get broadsided with a “Not Secure” warning on pages you haven’t protected. They’ll reward you for taking the extra steps to give them an end-to-end encrypted experience.
Identity Validation Matters, Too
HTTPS is no longer optional if you want to build relationships and a business online. The good news it adds a lot of value to your business. But, SSL Certificates do more than enable HTTPS. They also authenticate or validate your identity so visitors know it’s really you on the other end of their connection. We’re here to help you find the right level of validation based on your goals.
Google is trying to make the Internet safer and In January 2017, with the release of Chrome 56, they will start showing non-SSL – HTTP websites as Not secure.
Chrome currently displays a green padlock icon with HTTPS in the address bar for sites that are secure and the circle-i with a message that this website is not secure but the security team will be taking it one step further by displaying a red triangle for all HTTP pages.
Emily Schechter, Product Manager for Chrome Security, said on the official Google security blog that the first phase is to flag HTTP sites that process passwords or credit cards.
Then, Google plans to extend the SSL warnings to Incognito mode in following releases and will eventually show a red triangle on all HTTP pages.
This will help answer the visitors question, “Is this site encrypted?” Or, maybe a better question “Is this site safe for transactions?” The answer is, “No, the site is not encrypted, so Not secure.”
This means that, without SSL, someone can not only access the data from the internet, seeing everything we do on a site, but can also control it and manipulate it.
When traffic is not encrypted, it makes us vulnerable to anyone using the same Wi-Fi at the local centre or coffee shop, who can steal our email, passwords or banking information.
With proper installation of an SSL certificate, the “Not Secure” sign will disappear and be replaced by a green padlock icon. Then the site will be secure for any online transactions and public dealings.
It’s important to note that SSL isn’t only about confidentiality, which is how most people think of it but also about integrity and authenticity, which in many cases are much more important.
Schechter also explained that switching over from HTTP won’t affect sites’ search rankings, it is easier to install and much cheaper than ever before, and also enables the best performance and powerful features that are too sensitive for HTTP.
For most startups and small-to-midsize businesses, the move to HTTPS shouldn’t be difficult. While you can buy and install a certificate from multiple providers or your web hosting company itself, most web hosts are offering easy, one-click Encrypt SSL certificate installation and most also provide automatic renewals.
Check out our set-up guides to get started.