Secure your new site with an SSL Certificate

Build trust with your visitors (and with Google)

You may have noticed more and more websites are showing up as “Secure” these days, sporting a green lock in the address bar of your browser. The movement to secure more of the web has been growing over the last few years, aided by some gentle (and not-so-gentle) prodding by Google and the advent of Let’s Encrypt as a way for website owners to add a security certificate to their site for free. If you’re running an e-commerce site or otherwise collecting sensitive information on your site, you should already have an SSL Certificate installed to encrypt communication between your site and your visitors’ browser. If not, you might be thinking “why bother?”

Today, there are lots of reasons and few barriers to adding an SSL Certificate to your site.

In 2014, Google called for “HTTPS Everywhere” and announced that they would be adding use of a secure connection as a ranking signal when indexing websites. At its rollout, it was a very light ranking signal – nowhere near the weight that legitimate, quality content has in ranking a site against a user’s search query. For many, it was tough to justify the $100-200/yr investment in an SSL certificate to gain such a slight edge in ranking.

Since then, security on the web has become a bigger and bigger issue and browser vendors like Google, Firefox, Apple and Microsoft have all made moves to further encourage more security in web communications for all websites. Earlier this year, we received a call from our friends at the Webber Restaurant Group. Suddenly, the website for the Scarlet Oak Tavern was showing a security warning when visitors using Chrome tried to view the site. Not an ideal situation for any website, and less so for a site that uses OpenTable for guest reservations.

In October of 2017, Google became more aggressive with security warnings. Instead of warning only when a certificate had expired or when sensitive information like your credit card number was being entered without an SSL connection, Google began showing a “Not Secure” warning anytime a form (like one used to search for a dinner reservation) was used on a website. The solution was obvious–install an SSL certificate, and we were happy to help upgrade the security of all of Webber Restaurant Group’s sites.

How to Secure Your Site

Your hosting provider may already offer SSL Certificates, though they may do so for an extra fee. We’re big fans of Let’s Encrypt – a non-profit certificate authority that has automated the verification, generation and installation of over 100 million SSL certificates. If you’ve got a WordPress site and are using a host like WPEngine, you can use your hosting control panel to quickly and easily install an SSL Certificate.

We’re big fans of Ubuntu for our own hosting servers. Installing an SSL Certificate on Ubuntu with Apache is nearly as easy, so long as you’re comfortable with the command line:

First, add the certbot repository:

sudo add-apt-repository ppa:certbot/certbot

Next, update your package list to add the new repository’s information:

sudo apt-get update

Finally, use apt-get to install certbot for use:

sudo apt-get install python-certbot-apache

Now you’re ready to use certbot to add a certificate to your site:

sudo certbot --apache -d example.com -d www.example.com

You’ll want to replace example.com with your site’s domain – if you want to secure more than two, just keep adding -d subdomain.domain.com to the command above. Let’s Encrypt doesn’t yet issue wildcard certificates that would cover all subdomains for a given domain, but those will be coming in 2018.

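Using CloudFlare? You’ll want to use the certonly subcommand with the --webroot plugin in place of --apache to ensure your certificate is issued and renewed properly. The two plugins can’t both act as the authenticator in one command, and certonly obtains the certificate without editing your Apache configuration:

sudo certbot certonly --webroot -w /var/www/html/ -d example.com -d www.example.com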

You’ll want to replace /var/www/html/ with the path to your website’s document root.

Let’s Encrypt certificates only last for 90 days, but part of the installation of certbot includes automatic renewal using cron or a systemd timer, depending on how your system is configured.

It really is that easy.
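Because the certificates last only 90 days, it is worth confirming that automatic renewal is actually keeping up. The script below is an added example, not part of the original post: it reads a certificate's expiry date with openssl and flags one that should already have been renewed. It assumes GNU date, certbot's default /etc/letsencrypt/live/ layout, and a 30-day renewal window; the function names are made up for illustration.

```shell
#!/bin/sh
# Added example, not from the original post. Assumes GNU date and openssl.
# The 30-day threshold mirrors certbot's default renewal window (assumption;
# adjust it if your renewal configuration differs).
RENEW_THRESHOLD=$((30 * 86400))

# seconds_left "notAfter=<date>" [now_epoch]
# Prints the seconds remaining until expiry (negative once expired).
seconds_left() {
    not_after=${1#notAfter=}
    expiry=$(date -u -d "$not_after" +%s 2>/dev/null) || return 2
    now=${2:-$(date -u +%s)}
    echo $((expiry - now))
}

# cert_status "notAfter=<date>" [now_epoch]
# Prints one of: ok | renewal-overdue | expired | unparseable
cert_status() {
    left=$(seconds_left "$1" "$2") || { echo unparseable; return 0; }
    if [ "$left" -le 0 ]; then
        echo expired
    elif [ "$left" -lt "$RENEW_THRESHOLD" ]; then
        # Inside the renewal window: the cron job or timer has not renewed it.
        echo renewal-overdue
    else
        echo ok
    fi
}

# check_cert_file <path-to-cert.pem>: classify a certificate on disk.
check_cert_file() {
    line=$(openssl x509 -enddate -noout -in "$1") || return 2
    cert_status "$line"
}

# Usage: sh check-cert.sh /etc/letsencrypt/live/example.com/cert.pem
if [ "$#" -gt 0 ]; then
    check_cert_file "$1"
fi
```

If the script reports renewal-overdue, running sudo certbot renew --dry-run shows whether renewal would succeed without touching the live certificate.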

Conclusion

The experience your users have when visiting your site is the most important thing you can tend to online. Installing an SSL certificate can prevent major roadblocks like security warnings from appearing, but it can also be a proactive way to show your visitors you care about their information and privacy, even if they’re not sharing a credit card number with you. It’s always the right time to build trust with your visitors.

A website redesign project is the perfect time to reevaluate your site’s security configuration. Get in touch and find out how we can help!