SEOClerks

Does NOT having SSL mean your website is unsecure for people to use?




Google Starts Warning About Non Secure Password Fields in Webmaster Tools

But does that mean NOT having SSL makes your site not secure and unsafe for your visitors to use?

If you have any websites that you value that aren't yet using SSL and make use of password fields somewhere on that website, such as on the registration/login pages, then now is the time to make the switch from http to https!

Google is now starting to send messages to website owners within Google Search Console (Webmaster Tools) to try and make sure their websites are using HTTPS when served via the Google Chrome browser.

From January 2017, unless your website is using SSL, Google will start marking websites as "Non Secure" if they use any fields that collect passwords or card details in any way. Even if it's a simple login form.

Google wants to make the Internet a safer place for its Chrome browser users, and this is one way of letting people know that a website they visit is secure to use to input sensitive data to, like passwords and credit card details etc.

Obviously most fairly savvy Internet users know that already just by seeing whether it's using https over http and there is a padlock icon in the address bar itself as a way to know whether or not it's safe to use for that reason.

Google is saying that they are going to notify webmasters about each specific URL location on your site that has input fields for putting password or card details into. These are the URLs that will trigger the Chrome Non Secure Warning and cause it to show to a visitor in the SERPs, and, when they visit your non-secured site, via a browser warning popup and icon.

They've done this so that you can review all of those URLs, posts and pages on your site that do, so you can take the suggested action to ensure they are marked as secure, which can help to protect the visitors' data.

This is seen as a move that is just one step in the long going uphill battle plan to make the Internet a safer and more secured place by letting your site's visitors know this by marking it as "Non Secure".

So obviously, the solution here is to purchase and install an SSL certificate for your site. It's affordable and much easier and quicker to do that today than it ever used to be. And even your own webhost may do it for you.

Most domain registrars such as NameCheap and GoDaddy provide Knowledge Base articles that show how to properly install an SSL certificate on your site today for most web platforms and technologies out there.

A must move if you don't want your Chrome website visitors to see that Non Secure Warning show up and have them think your site is not safe to use. Period!

Does NOT having SSL mean your site is not secure and unsafe for your visitors to use?

If you are collecting passwords and credit card details on your site, then you should be using SSL and there's no real reason not to. But if you are just a blog or some info type site, and you don't take credit card details, and you don't have any fields on your site that ask for a password that are crawlable and seen by Google, then there probably isn't any reason to have SSL and your site won't get marked as unsecured.

However, just because a site is marked as unsecure by Google in Google Chrome doesn't necessarily mean that site is not safe to use. For simply visiting and reading the content or watching the videos or visiting a link to another site from that site or subscribing to their newsletter or posting a comment on one of their blog posts or something, that's going to be fine and safe to do even if they're not using SSL.

SSL = A False Sense of Security?

The other thing to know, of course, is that even if a site IS using SSL (https) and does collect passwords or credit card details, it doesn't necessarily mean that site is safe to use. Sure, your password or sensitive credit card details are encrypted using the latest 256-bit key encryption, but that doesn't mean the website will send the goods/items you just purchased.

And I think that in the future we could see people fall prey to the false sense of security that SSL gives to people. Although this is really where you must use your common sense and do your background checks on a website you've never used before and isn't a really well known website.

And as long as your details weren't somehow intercepted and then decoded (unencrypted) (which can happen and can be done with the right tools/knowledge), then whoever signed their SSL certificate couldn't be held accountable (they actually insure the SSL certificate owner against this). So it would be down to your credit card company to cover you in the case of an item not received dispute.

So then, just because a website isn't using SSL, doesn't mean that website is not safe to use for most purposes. But you should only use it for entering passwords and credit card details if it is using SSL.

And just because a website is using SSL, also doesn't mean that website is safe to use to make a purchase from with your credit card details or passwords, names, addresses, emails and other sensitive data.

Where and How to Install SSL on your website?

If you have a website that has any fields on it that require a password or takes some sensitive details and you don't want it marked as insecure, you can purchase an SSL certificate online from most domain registrars like NameCheap or GoDaddy. And your actual webhost/ISP already sells them too.

But if you don't know how to do it, and need help doing that, you can always hire a freelancer here or even create a WTB and find someone to do it for you that way.

Have you upgraded and installed SSL on your non-SSL site yet?

Do you think it's right that Google should mark sites that don't use SSL as insecure?
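
A site owner can list the affected URLs before any notice arrives by scanning their own pages for password and card inputs. The sketch below is an added example, not part of the original post and not Chrome's actual detection logic; it also flags an HTTPS page whose form submits to an `http://` URL, which goes beyond what the post describes. The `example.test` URLs and the markup are constructed samples.

```python
from html.parser import HTMLParser
from urllib.parse import urljoin, urlparse

class SensitiveFieldFinder(HTMLParser):
    """Collects password/card inputs with the URL their form submits to."""
    def __init__(self, page_url):
        super().__init__()
        self.page_url = page_url
        self.action = page_url   # inputs outside a <form> count as the page itself
        self.fields = []         # (kind, field name, resolved submit URL)

    def handle_starttag(self, tag, attrs):
        a = {k: (v or "") for k, v in attrs}
        if tag == "form":
            self.action = urljoin(self.page_url, a.get("action", ""))
        elif tag == "input":
            tokens = a.get("autocomplete", "").lower().split()
            if a.get("type", "").lower() == "password":
                self.fields.append(("password", a.get("name", ""), self.action))
            elif any(t.startswith("cc-") for t in tokens):  # cc-number, cc-csc, ...
                self.fields.append(("card", a.get("name", ""), self.action))

    def handle_endtag(self, tag):
        if tag == "form":
            self.action = self.page_url

def audit(page_url, html):
    """Findings for one page: sensitive fields shown or submitted over plain HTTP."""
    finder = SensitiveFieldFinder(page_url)
    finder.feed(html)
    findings = []
    for kind, name, action in finder.fields:
        if urlparse(page_url).scheme != "https":
            findings.append((kind, name, "page served over http"))
        elif urlparse(action).scheme != "https":
            findings.append((kind, name, "form submits to " + action))
    return findings

# Constructed sample pages; example.test is a placeholder host.
PAGES = {
    "http://example.test/login": '<form action="/session"><input name="user"><input type="password" name="pw"></form>',
    "https://example.test/checkout": '<form action="http://pay.example.test/charge"><input name="card" autocomplete="cc-number"></form>',
    "http://example.test/blog/post-1": '<form action="/subscribe"><input type="email" name="email"></form>',
    "https://example.test/account": '<form action="/account"><input type="password" name="new_pw"></form>',
}

if __name__ == "__main__":
    for url, html in PAGES.items():
        print(url, audit(url, html))
```

Only the login and checkout pages produce findings; the blog page has no sensitive field and the account page is HTTPS end to end.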

Comments

keen2write

I purchased SSL on my hosting and domain for my business website, which really did my head in at times, as I have to redirect it back to http instead of using the https which I wanted to use, but my script provider for my site told me the script doesn't support SSL and https. For example, when I had it on https, every time I tried to run my website it kept coming up with an error message like "Load unsafe script" in my browser, so now I have to not use it, which I am gutted about as I really wanted my site to be more professional.

Has anyone else run into SSL problems like my problem? Is there a way to stop these unsafe script messages?





idealmike

Hmmm it used to be like that in the early days of SSL but most of those error notice bugs were ironed out in time. I'm not sure what script you're using but it could be that. The only thing I can suggest to you is speak to the SSL provider and see if they can give you some insight into what's going on and why it's not working with your script. But they might tell you to go back to the script provider and ask them. TBH SSL isn't my strongest point so I feel your pain! There is usually a fix or work around though if you dig deep enough. Have you tried posting about it on some webmaster related forums? Chances are there is someone else that had the same problem and might know of a fix/solution.





virusblock

Not good if you allow people to login to a site that is not doing something to encrypt the user name and password. The code needed to scan clear text passwords is so easy to write and you can bet your ISP is reading them all, but you can use little javascript functions to stop them in their tracks that encrypt the data that is about to be posted.

Buying an SSL certificate is not cheap and it comes with overheads, and I would not be too concerned with silly little excuses Google gives to downgrade a site. They won't ever be happy unless you are hosting google spyware scripts for them anyway, and Google should stop trying to act as if they are W3C and own the internet.





vinaya

SSL is important in gaining trust from search engines as well as visitors, however, for a beginner having SSL can be a financial burden. I have half a dozen websites running and none of them have SSL. Even though I know how SSL is important on my websites, I have not bought SSL because of financial constraints. Since my websites are new, they have not seen any substantial search engine traffic. Once my website begins to get good traffic, I will make sure to have SSL.





overcast

Google and Firefox are forcing the browsers to issue a warning if there is no HTTPS. And they are making the forms on the websites such as this more secure as well. You can see that there are some secure HTTPS certificates being issued. Let's Encrypt is one such project being released. And they are releasing hosting software with cpanel. And that's something one has to consider for the upgrade.

I have upgraded most of my blogs for the HTTPS. And so I don't have much problem on that side there. So that's something one has to consider as well.





vinaya

I have not used SSL for most of my websites. If I use SSL, I will incur extra expenses on managing my websites that are not even on the break-even points. I can use free SSL from Let's Encrypt, however, I do not know how to do this and my host does not offer support for Let's Encrypt as it sells SSL certificates for $9 per year.
I have one website with an SSL certificate; I got it free from the host.





overcast

No extra expenses. Let's encrypt SSL and AutoSSL are two free options. My host "hawkhost" is offering both of them for free to me. I have no extra charges paying for that. I think you should change the host if it is charging you for the same. Because free SSL is the norm now.





vinaya

I know about Let's encrypt but never heard of AutoSSL. Are these free security certificates as good as the premium certificates? If yes, why are people still paying for certificates?
I will check out hawkhost and see if I can use the hosting service.





overcast

AutoSSL is an addon on cpanel that issues Let's Encrypt SSL. So that's what is being used on the cpanel. And they are practically making things hands free. So just using the account as normal would do. And nothing more to be done. That's the benefit of AutoSSL.





vinaya

My websites are on cpanel. However, I did not realize that there is an AutoSSL addon on cpanel. I will have to check this option and see if I can use Let's Encrypt myself.





overcast

I think if your cpanel does not have Let's Encrypt or AutoSSL, that means it is on the older version of cpanel. And your host needs to upgrade it. And that's what is going to give the access to free services. Hostgator and bluehost are not doing it because they want to make money through SSL, so they are not offering free SSL.





vinaya

I am using namecheap and namecheap also does not offer free SSL, in fact, it sells security certificates for $9 per annum. I think I am using an older version of cpanel. I will check whether a new version is available from the host or not. Thank you very much for your information.





overcast

Namecheap and godaddy both sell the SSL at higher cost. Make sure your host has free SSL. Because it should be offered by default now. And most of the host should not charge for that. Glad it helped.



