The thing about SSL Certificates
No SSL certificate? So, Exactly What is the Problem?
Here is the reason for Google’s full court press to eliminate http sites:
Google has a worldwide campaign underway to warn website visitors away from websites that are not https/ssl encrypted as evidenced by a verified, installed SSL Certificate. This includes flashing onscreen warnings to avoid websites with no certificate of encryption and some virus protection software will refuse to even load the site.
Noncompliant websites are further penalized by degrading or blocking search engine rankings. Simply put, failure to comply will create unacceptable expenses and penalties. If you are non-compliant, all traffic including potential clients and first-time visitors are being warned not to proceed to your website.
“Interactions with websites that do not use encrypted communication are easy to hack and record even by low level hackers, just like reading a book.”
What about my security software? Isn’t that enough?
Your security and virus protection software is of no value for these types of attacks if your site is not encrypted. Virus protection protects your computer, not your website visitors.
Your security software can protect you from a malicious bug or virus trying to enter your system, but not all attacks are designed to simply create havoc. One of the most common attacks are MITM (man in the middle) operations. Without encryption, inbound data appears on your website in ASCI format and can be read just like a book, so that visitors to your site who enter credit card, personal or health information are unknowingly sharing it with any source interested in looking at it.
For example, a MITM attack spoofs your site and when your customers enter their information it is read by the hacker and then sold on the dark web. This is not possible if your site uses encryption.
I understand the danger but my website visitors do not enter any information so why should I care?
The short answer is visitors to your site are now being actively warned not to visit if you are not encrypted and your rankings by search engines are also being degraded. This is happening whether you collect data or not.
Warned by who?
There are three primary sources of these warnings and actions against your non-encrypted site:
(1) Chrome, Firefox, Safari and virtually all modern browsers are now programmed to immediately flash a user warning on screen against visiting any non https site. This started in 2017 and the intensity of the warning has gradually increased. Today, if the site is secure, a padlock appears along with the URL address.
If your site is not secure, an open padlock appears and your visitor gets an onscreen warning from his browser that your website is not secure and not to interact with it.
(2) In most cases, the visitor’s anti virus software will also pop up a warning message not to connect with your site if it’s non encrypted.
(3) Google is penalizing nonencrypted sites via reduced search results affecting the number of prospects who can even find you.
Question:
What do you think happens when a first time visitor to your website has a warning appear saying if you enter the website you may be at risk? Clearly they go somewhere else.
Question:
What do you think happens when a prospect searching for your product or service must go more than 2 pages deep in search results to see your listing? Most search engine users do not go beyond the first page of results and beyond the second page? Forget it.
Conclusion
Not only is running a website without encryption bad practice, it is very damaging to your business. Installing encryption is fast and inexpensive and puts an immediate stop to the broken padlock and other active on-screen warnings and avoids search engine penalties.
SSLDUCK is a Pittsburgh based computer security consulting company owned by ProSolutions. We offer a fast and very inexpensive solution for solving this problem.