Welcome to SSLDUCK
Before you browse our site, here is what you need to know:
We exist to help you resolve the problem you are about to have if your website is not https (SSL) encrypted. This is a serious but easily corrected problem.
So, Exactly What is the Problem?
In case you are not aware, a national campaign is underway to warn website visitors away from websites that are not https/ssl encrypted. This includes flashing onscreen warnings to avoid the site and some virus protection software will refuse to load the site. Google is penalizing non compliant sites by degrading search engine rankings. Simply put, failure to comply will create unacceptable expense and penalties. If you are non-compliant, all traffic including potential clients and first time visitors are being warned not to proceed to your website.
Here is the reason for this full court press to eliminate http sites:
“Interactions with websites that do not use encrypted communication are easy to hack and record even by low level hackers, just as easy as reading a book.”
This means visitors to your non-encrypted website are at risk of having their personal information stolen and used by hackers. Today’s hackers are not limited to nerds living in their mother’s basement. There are large criminal organizations with 24/7 operations to find and attack non-encrypted sites. Some of these attacks are also state sponsored by certain governments with massive offensive hacking operations targeting American websites.
What about my security software? Isn’t that enough?
Your security and virus protection software is of no value for these types of attacks if your site is not encrypted. Virus protection protects your computer, not your website visitors.
Your security software can protect you from a malicious bug or virus trying to enter your system, but not all attacks are designed to simply create havoc. One of the most common attacks are MITM (man in the middle) operations. Without encryption, inbound data appears on your website in ASCI format and can be read just like a book, so that visitors to your site who enter credit card, personal or health information are unknowingly sharing it with any source interested in looking at it.
For example, a MITM attack spoofs your site and when your customers enter their information it is read by the hacker and then sold on the dark web. This is not possible if your site uses encryption.
I understand the danger but my website visitors do not enter any information so why should I care?
The short answer is visitors to your site are now being actively warned not to visit if you are not encrypted and your rankings by search engines are also being degraded. This is happening whether you collect data or not.
Warned by who?
There are three primary sources of these warnings and actions against your non-encrypted site:
(1) Chrome, Firefox, Safari and virtually all modern browsers are now programmed to immediately flash a user warning on screen against visiting any non https site. This started in 2017 and the intensity of the warning has gradually increased. Today, if the site is secure, a padlock appears along with the URL address.
If your site is not secure, an open padlock appears and your visitor gets an onscreen warning from his browser that your website is not secure and not to interact with it.
(2) In most cases, the visitor’s anti virus software will also pop up a warning message not to connect with your site if it’s non encrypted.
(3) Google is penalizing non encrypted sites via reduced search results affecting the number of prospects who can even find you.
What do you think happens when a first time visitor to your website has a warning appear saying if you enter the website you may be at risk? Clearly they go somewhere else.
What do you think happens when a prospect searching for your product or service must go more than 2 pages deep in search results to see your listing? Most search engine users do not go beyond the first page of results and beyond the second page? Forget it.
Not only is running a website without encryption bad practice, it is very damaging to your business. Installing encryption is fast and inexpensive and puts an immediate stop to the broken padlock and other active on-screen warnings and avoids search engine penalties.
SSLDUCK is a Pittsburgh based computer security consulting company owned by ProSolutions. We offer a fast and very inexpensive solution for solving this problem.