If you have a website property verified in Google Search Console, and the website is not HTTPS-secured, you’ve likely seen some form of the following message in your dashboard recently:
After months of talk and speculation, Google has finally started to move forward with its plan to secure the web by enforcing HTTPS. Although HTTPS had previously only been a concern for e-commerce sites or sites with login functionality, this latest update affects significantly more sites. The vast majority of websites have a contact page (or something similar) that contains a contact or subscription form. Those forms almost always contain text input fields like the ones Google warns about in the message above. The “NOT SECURE” warning has already been appearing on insecure sites that collect payment information or passwords. It looks like this in a user’s URL bar:
Now that this warning will be displaying for a much larger percentage of the web, webmasters can’t put off an HTTPS implementation any longer. Unfortunately, Google’s advice to webmasters for solving this problem is about as vague and unhelpful as you might imagine:
Implementing HTTPS is not a simple process. The Washington Post published a blog post outlining their 10-month HTTPS migration back in 2015, and numerous sites (including Moz) have reported experiencing major traffic fluctuations following their migrations. The time and resources required to migrate to HTTPS are no minor investment; we’re talking about a substantial website overhaul. In spite of these obstacles, Google has shown little sympathy for the plight of webmasters:
Google’s singular focus in this area is to provide a better user experience to web visitors by improving Internet security. On its surface, there’s nothing wrong with this movement. However, Google’s blatant disregard for the complexities this creates for webmasters leaves a less-than-pleasant taste in my mouth, despite their good intentions.
Luckily, there’s a bit of a silver lining to these HTTPS concerns. Over the last few years, we’ve worked with a number of different clients to implement HTTPS on their sites using a variety of different methods. Each experience was unique and presented its own set of challenges and obstacles. In a previous post, I wrote about the steps to take before, during, and after a migration based on our experience. In this post, my focus is instead on highlighting the pros and cons of various HTTPS services, including non-traditional implementations.
Here are the three methods we’ve worked with for our clients:
A traditional HTTPS implementation starts with purchasing an SSL certificate from a trusted provider, like Digicert or GeoTrust (hint: if a site selling SSL certificates is not HTTPS-secured, don’t buy from them!). After that, you’ll need to verify the certificate with the Certificate Authority you purchased it from through a Certificate Signing Request (CSR); this just proves that you do manage the site you claim to be managing. At this point, your SSL certificate will be validated, but you’ll still have to implement it across your site. Namecheap has a great article about installing SSL certificates depending on your server type. Once that SSL certificate has been installed, your site will be secured, and you can take additional steps to enable HSTS or forced HTTPS rewrites at this point.
Let’s Encrypt is a free nonprofit service provided by the Internet Security Research Group to promote web security by providing free SSL certificates. Implementing Let’s Encrypt is very similar to a traditional HTTPS implementation: You still need to validate the Certificate Authority, install the SSL certificate on your server, then enable HSTS or Forced HTTPS rewrites. However, implementing Let’s Encrypt is often much simpler through the help of services like Certbot, which will provide the implementation code needed for your particular software and server configuration.
This is one of my favorite HTTPS implementations, simply because of how easy it is to enable. Cloudflare offers a Flexible SSL service, which removes almost all of the hassle of implementing an SSL certificate directly on your site. Instead, Cloudflare will host a cached version of your site on their servers and secure the connection to the site visitors through their own SSL protection. You can see what this looks like in the picture below:
In doing so, Cloudflare makes this process about as simple as you can ask for. All you have to do is update your DNS records to point to Cloudflare’s nameservers. Boom, done. And as with Let’s Encrypt, the process is entirely free.
It really depends on your site. Smaller sites who just need enough security that Google won’t punish the site in Chrome can likely use Cloudflare. The same goes for agencies providing HTTPS recommendations to clients where you don’t have development control of the site. On the other hand, major e-commerce or publication sites are going to want a fully customized HTTPS implementation through traditional means (or via Let’s Encrypt’s wildcard certificate, when that happens next year). Ultimately, you’ll have to decide which implementation makes the most sense for your situation.
Powered by WPeMatico
£4.95End Date: Thursday Dec-14-2017 18:27:39 GMTBuy It Now for only: £4.95Buy It Now | Add to watch list Powered by WPeMatico The post ISLAM & MOHAMMED – 145 RARE BOOKS ON DVD – KORAN QURAN BELIEFS TEACHINGS HISTORY appeared first on Guaripete. […]
£6.96End Date: Wednesday Jan-10-2018 12:59:42 GMTBuy It Now for only: £6.96Buy It Now | Add to watch list Powered by WPeMatico The post Jumbo’s Keeper: The Autobiography of Matthew Scott and His Biography of P.T…. appeared first on Guaripete. […]
£4.95End Date: Tuesday Jan-2-2018 17:54:39 GMTBuy It Now for only: £4.95Buy It Now | Add to watch list Powered by WPeMatico The post 340 Native American Indian Rare Books on DVD – Tribes Myths Legends Totem Art A1 appeared first on Guaripete. […]
$34.95End Date: Sunday Dec-17-2017 19:24:58 PSTBuy It Now for only: $34.95Buy It Now | Add to watch list Powered by WPeMatico The post Roald Dahl Collection 15 Paperback Books Classic Kids Gift Box Stories Set – New appeared first on Guaripete. […]
$18.29End Date: Sunday Dec-17-2017 6:34:45 PSTBuy It Now for only: $18.29Buy It Now | Add to watch list Powered by WPeMatico The post The Berenstain Bears Classic Collection (Box Set) appeared first on Guaripete. […]
18,75 EURFecha de finalización: lunes ene-8-2018 19:42:43 CETCómpralo ya por sólo: 18,75 EUR¡Cómpralo ya! | Añadir a lista de seguimiento Powered by WPeMatico The post ALEJANDRO SANZ -MAS ES MAS- EL CONCIERTO – CD + DVD -07/12/2017-NUEVO-PRECINTADO appeared first on Guaripete. […]
59,40 EURFecha de finalización: martes ene-9-2018 21:24:52 CETCómpralo ya por sólo: 59,40 EUR¡Cómpralo ya! | Añadir a lista de seguimiento Powered by WPeMatico The post Cafetera Eléctrica Express 2 Minutos 6 Tazas Café Italiano Expreso Interruptor appeared first on Guaripete. […]
14,79 EURDate de fin: mardi déc.-19-2017 7:13:24 CETAchat immédiat pour seulement: 14,79 EURAchat immédiat | Ajouter à vos Affaires à suivre Powered by WPeMatico The post Now That’s What I Call Music! 98 – Various Artists (Album) [CD] (Now 98) appeared first on Guaripete. […]
2,99 EURDate de fin: samedi janv.-6-2018 23:08:16 CETAchat immédiat pour seulement: 2,99 EURAchat immédiat | Ajouter à vos Affaires à suivre Powered by WPeMatico The post CDS MUSICA MUSIC CD GANGA MUSICA appeared first on Guaripete. […]