If you have a website property verified in Google Search Console, and the website is not HTTPS-secured, you’ve likely seen some form of the following message in your dashboard recently:
After months of talk and speculation, Google has finally started to move forward with its plan to secure the web by enforcing HTTPS. Although HTTPS had previously only been a concern for e-commerce sites or sites with login functionality, this latest update affects significantly more sites. The vast majority of websites have a contact page (or something similar) that contains a contact or subscription form. Those forms almost always contain text input fields like the ones Google warns about in the message above. The “NOT SECURE” warning has already been appearing on insecure sites that collect payment information or passwords. It looks like this in a user’s URL bar:
Now that this warning will be displaying for a much larger percentage of the web, webmasters can’t put off an HTTPS implementation any longer. Unfortunately, Google’s advice to webmasters for solving this problem is about as vague and unhelpful as you might imagine:
Implementing HTTPS is not a simple process. The Washington Post published a blog post outlining their 10-month HTTPS migration back in 2015, and numerous sites (including Moz) have reported experiencing major traffic fluctuations following their migrations. The time and resources required to migrate to HTTPS are no minor investment; we’re talking about a substantial website overhaul. In spite of these obstacles, Google has shown little sympathy for the plight of webmasters:
Google’s singular focus in this area is to provide a better user experience to web visitors by improving Internet security. On its surface, there’s nothing wrong with this movement. However, Google’s blatant disregard for the complexities this creates for webmasters leaves a less-than-pleasant taste in my mouth, despite their good intentions.
Luckily, there’s a bit of a silver lining to these HTTPS concerns. Over the last few years, we’ve worked with a number of different clients to implement HTTPS on their sites using a variety of different methods. Each experience was unique and presented its own set of challenges and obstacles. In a previous post, I wrote about the steps to take before, during, and after a migration based on our experience. In this post, my focus is instead on highlighting the pros and cons of various HTTPS services, including non-traditional implementations.
Here are the three methods we’ve worked with for our clients:
A traditional HTTPS implementation starts with purchasing an SSL certificate from a trusted provider, like Digicert or GeoTrust (hint: if a site selling SSL certificates is not HTTPS-secured, don’t buy from them!). After that, you’ll need to verify the certificate with the Certificate Authority you purchased it from through a Certificate Signing Request (CSR); this just proves that you do manage the site you claim to be managing. At this point, your SSL certificate will be validated, but you’ll still have to implement it across your site. Namecheap has a great article about installing SSL certificates depending on your server type. Once that SSL certificate has been installed, your site will be secured, and you can take additional steps to enable HSTS or forced HTTPS rewrites at this point.
Let’s Encrypt is a free nonprofit service provided by the Internet Security Research Group to promote web security by providing free SSL certificates. Implementing Let’s Encrypt is very similar to a traditional HTTPS implementation: You still need to validate the Certificate Authority, install the SSL certificate on your server, then enable HSTS or Forced HTTPS rewrites. However, implementing Let’s Encrypt is often much simpler through the help of services like Certbot, which will provide the implementation code needed for your particular software and server configuration.
This is one of my favorite HTTPS implementations, simply because of how easy it is to enable. Cloudflare offers a Flexible SSL service, which removes almost all of the hassle of implementing an SSL certificate directly on your site. Instead, Cloudflare will host a cached version of your site on their servers and secure the connection to the site visitors through their own SSL protection. You can see what this looks like in the picture below:
In doing so, Cloudflare makes this process about as simple as you can ask for. All you have to do is update your DNS records to point to Cloudflare’s nameservers. Boom, done. And as with Let’s Encrypt, the process is entirely free.
It really depends on your site. Smaller sites who just need enough security that Google won’t punish the site in Chrome can likely use Cloudflare. The same goes for agencies providing HTTPS recommendations to clients where you don’t have development control of the site. On the other hand, major e-commerce or publication sites are going to want a fully customized HTTPS implementation through traditional means (or via Let’s Encrypt’s wildcard certificate, when that happens next year). Ultimately, you’ll have to decide which implementation makes the most sense for your situation.
Powered by WPeMatico
Lindsey Stirling ~ Lindsey Stirling (1840) Buy new: $7.59 17 used & new from $7.21 (Visit the Best Sellers in Dance & Electronic list for authoritative information on this product’s current rank.) Powered by WPeMatico The post #1: Lindsey Stirling appeared first on Guaripete. […]
NewAir AWR-290DB Compact 29 Bottle Compressor Wine Cooler by NewAir (27) Buy new: $749.00 $556.99 5 used & new from $556.99 (Visit the Best Sellers in Built-In Wine Cellars list for authoritative information on this [...] The post #1: NewAir AWR-290DB Compact 29 Bottle Compressor Wine Cooler appeared first on Guaripete. […]
$10.99End Date: Friday Nov-10-2017 13:30:32 PSTBuy It Now for only: $10.99Buy It Now | Add to watch list Powered by WPeMatico The post Rolling Stone Special Collector’s 2017, Tom Petty 1950-2017, Brand New/Sealed appeared first on Guaripete. […]
$7.99End Date: Wednesday Nov-15-2017 7:48:50 PSTBuy It Now for only: $7.99Buy It Now | Add to watch list Powered by WPeMatico The post Entertainment Weekly Supernatural Oct 2017, Halloween Special, Brand New/Sealed appeared first on Guaripete. […]
Leonardo da Vinci Walter Isaacson (Author) (7) Buy new: $35.00 $21.00 52 used & new from $21.00 (Visit the Best Sellers in Books list for authoritative information on this product’s current rank.) Powered by WPeMatico The post #1: Leonardo da Vinci appeared first on Guaripete. […]
Capital Gaines: Smart Things I Learned Doing Stupid Stuff Chip Gaines (Author) (4) Buy new: $24.99 $17.48 46 used & new from $12.44 (Visit the Best Sellers in Books list for authoritative information on this [...] The post #2: Capital Gaines: Smart Things I Learned Doing Stupid Stuff appeared first on Guaripete. […]
The Wisdom of Sundays: Life-Changing Insights from Super Soul Conversations Oprah Winfrey (Author) (2) Buy new: $27.99 $16.79 40 used & new from $12.00 (Visit the Best Sellers in Books list for authoritative information on [...] The post #3: The Wisdom of Sundays: Life-Changing Insights from Super Soul Conversations appeared first on Guaripete. […]
AU $54.95End Date: Sunday Nov-12-2017 14:11:14 ESTBuy It Now for only: AU $54.95Buy It Now | Add to watch list Powered by WPeMatico The post Microsoft Office Professional Plus 2016 Full Retail Licence Key appeared first on Guaripete. […]
$7.99End Date: Sunday Nov-5-2017 19:07:45 PSTBuy It Now for only: $7.99Buy It Now | Add to watch list Powered by WPeMatico The post Rediscovering Americanism And the Tyranny of Progressivism by Mark Levin eBooks appeared first on Guaripete. […]