Do you need an SSL Certificate? Chrome Update warns on security issues

22 Shares

Big changes are coming in the next update to Google Chrome the internets most popular web browser.

Google is working on an ad-blocking update that is due to arrive soon and a new feature that mutes autoplay videos is scheduled to land in January. You know how you land on pages to suddenly be blasted with a wall of sound. Well, that’s about to become a thing of the past. But before any of these useful enhancements hit Chrome. new browsing security features will be landing.

The next release of Chrome will be available on October the 17th. The new version will show users “not secure” warnings when you land on certain websites.

Here is how it will work

The “not secure” warning will appear in two ways. Visitors will be shown the warning when they start to enter data into a site that does not encrypt your connection via an SSL Certificate.

This means that the site is not scrambling the data between it and your browser. Putting you at risk from hackers seeing everything you do.

The ‘not secure’ warning will also appear when a Chrome user visits an unencrypted site while in Incognito mode.

Future versions of Google Chrome will then show the same warning but this time in attention-grabbing RED, designed to scare you away.

This all good news for those who generally just surf the web. Additional protection and warnings are of course a very welcomed enhancement. But it is not such good news for webmasters.

Of course, if you are taking payments on your site or gathering any sensitive information then yes you must have SSL encryption but is this required if you’re a blog site or a membership site? If you’re not selling anything if users are not entering card details? Well, it kind of is but really shouldn’t be.

Google Chrome is now used by well over 2 billion users that’s 59.61 percent of the browser market. That’s 59 percent of your visitors who will start to see big red warning messages bouncing them right out of your site.

So although we appreciate this is a great step forward to help protect visitors it also feels just like a new requirement to continue to compete for visitors and traffic.

SSL certificates can be purchased relatively cheaply for the first year. They then rise to anywhere between $50 to $100+ depending on the level of encryption required.

So what is the answer?

Well, you have a few options.

You can stay as you are and not buy an SSL and just take your chances on how you are affected. Or, you can just take it on the chin and buy an SSL. Or you can get yourself a Free SSL certificate. The advantage of this is that they are obviously free, so no capital outlay. But there are disadvantages. A normal paid for certificate is valid for a minimum term of 12 months, 1 year. The free SSL certificates tend to be valid for around 90 days where you then need to renew. Free SSL certificates should be able to be used with any hosting but you may well find that although they accept them they don’t support them.

So unless you are reasonably technical you may well find that you are struggling to add a free SSL certificate to your site. It comes down to money. The big hosting companies sell SSL certificates, so it makes sense to their business model that they don’t help you apply a free version to your site

We had a conversation with Godaddy support recently about free SSL certificates. They do accept them but there is no visible way within the back office to apply them. When we asked how it was done we were told that the certificate publisher would need to contact Godaddy direct to implement for you knowing that, that is just not feasible for that to happen.

Takeaways

It feels like this is just an additional cost that webmasters will have to pay. We are being held to ransom. SSL certificates have been with us for a number of years. If you are going to buy from an online store then yes you need to know that your personal information is protected. But a lot of the problem being solved here comes down to the education of the user when surfing the web. You just don’t buy from an online store unless they are encrypted.

This security update just provides a big cash injection to hosting companies who are selling the certificates.

When Google says jump all we can do is say how high. Webmasters are already pretty much being forced into adopting AMP – Accelerated Mobile Pages now we will have to implement SSL Certificates just to maintain our reputations.