I received an email yesterday afternoon from GoDaddy that reminded me I have two websites that I’ve not transitioned to HTTPS.
In the last few years, there has been an uptick in the number of websites that have transitioned from HTTP to strictly HTTPS.
Of course, many website owners transitioned their websites to HTTPS from HTTP upon hearing Google would consider and likely bump website search rankings for those in full HTTPS compliance.
Nevertheless, the interesting thing about the GoDaddy email is that it is stoked with a bit of subliminal fear using a number of terms throughout the email multiple times.
Terms such as “Not Secure”, “more secure”, “big impact”, “warning signs”, and “not accessible” can be found throughout their email (excerpt shown below) as follows:
Google’s quest to form a more secure web will take a new shape this month, October 2017, with Chrome v62. Chrome will begin showing “Not Secure” on all sites without an SSL Certificate where users can enter text in a contact form. Nearly 50% of internet users choose Chrome as their browser of choice so this can have a big impact on the way people interact with your website(s).
If you have sites which include contact forms, information request fields, etc, which do not have an SSL protecting them, please reach out to me so we can discuss your plans to get an SSL Certificate to avoid any possible warning signs when people visit your site.
“Passwords and credit cards are not the only types of data that should be private. Any type of data that users type into websites should not be accessible to others on the network, so starting in version 62 Chrome will show the “Not secure” warning when users type data into HTTP sites.”
Again, if you have not transitioned your website to HTTPS, then you may want to consider doing so if your website includes any of the following actions:
- Forms of any type that request user information of any type
- Information request fields
- Credit card data
- Social security data
- Personal information data
As of October 1st, Google renders a website not using HTTPS as “Not Secure” to its visitors when visiting the website.
In my opinion, if your website doesn’t request any of the bullet points above (Yes, there are sites that do exist), then I personally wouldn’t bother with transitioning to HTTPS.
Although I use GoDaddy’s SSL Certificate services for my website, paying for individual SSL certificates to secure your website is quite expensive annually if you operate and manage a large number of websites needing SSL/HTTPS.
However, there are a number of free (i.e., GeekFlare.com, Comodo, SSLForFree.com, and more) and paid (i.e., Verisign, GeoTrust, Comodo, Digicert, Thawte and more) SSL options available on the market as most providers offering web hosting tend to over SSL certificate services too.
But if you’re stretched for time and budget, and in need of a FREE SSL option, then you might want to check out LetsEncrypt.org, a free, automated, and open certificate authority brought to you by the non-profit Internet Security Research Group (ISRG).