Securageddon – Surviving the SSL Apocalypse

You may have been hearing about recent changes to Google’s Chrome browser and how it displays secure, or SSL-encrypted, web pages. It can be a pretty intimidating subject if you’re not familiar with website security. Maybe you don’t even know for sure what an SSL certificate is. We want to help get you through these upcoming changes, as well as cope with some recent ones. So we’ve put together a Q&A to help walk you through this process.

Q: Should I panic?

No, don’t panic. You can pretty much disregard all the “Apocalypse” and “Armageddon” buzzwords that you might see in content online. Yep, that includes the title of this blog post.

This is important, and it definitely matters. But your site isn’t going to crash and burn. First of all, this update only applies to Google Chrome, not any other browser your customers may use. And second, the solution to all of your problems is to simply get an SSL certificate.

Q: What is an SSL certificate?

An SSL (Secure Sockets Layer) certificate is basically a document that ensures that all of a user’s data is encrypted. They’re only allowed to be issued by certain trusted companies, such as cPanel or your hosting provider (GoDaddy, HostGator, etc), and they must be renewed regularly. It’s sort of a virtual handshake between your browser and the website, after which anything you send to the website (such as a form submission or login) is encrypted and secure.

Q: Why do I need one?

It’s always been a pretty good idea to have one, but they were primarily used for sites that transmitted super secure information, like credit cards. Last year, Google started pressuring all sites to have SSLs any time there’s a form or login screen. In fact, Google Ads started rejecting ads that led to insecure websites. You would also see a “Not Secure” warning next to the URL in your browser – but only on sites that had forms.

Now, Google has determined that most of the top sites use SSLs, and have decided that all non-SSL websites will display the “Not Secure” warning, whether it has forms or not.

Google has also warned that they will rank sites with SSLs higher in search engine results than sites without them. That means it’s worth your while to get an SSL, even if you never needed one before.

Browser warning before and after July 2018

Q: What should I do now?

The solution is to install an SSL. For most websites, this will be fairly easy. Most hosting providers will actually install it for you, though they may charge a fee to do it. Prices for a basic SSL range from $0 on hosts such as SiteGround or WPEngine to $75/annually on GoDaddy. We do occasionally see hosts that charge more than this, but this is the typical range. (If you’re currently hosted with Oozle Media, you’ll be happy to know that we provide SSLs free of charge, as well.)

If you feel comfortable purchasing and requesting a set-up through your provider yourself, now is a great time to get that done! If you need assistance with the process, go ahead and contact Oozle Media and we’ll help you out.

Q: I’ve heard of free SSLs. Can I get one?

You may have heard of free SSLs through companies like Let’s Encrypt. It’s technically true that free SSLs exist on the market. These certificates, however, can come with some heavy limitations. For example, Let’s Encrypt only provides SSLs that are valid for 90 days, so you’ll have to manually renew them every three months or so. Free SSLs aren’t always compatible with shared hosting (which most of our clients use), especially on hosts such as GoDaddy. And on top of that, you’d have to manually install it, which can be a real trial if you’re not an expert. Frankly, it’s worth the money to let your host handle it.

Q: What happened with Symantec SSL certificates?

You may have heard that Google will automatically mistrust certificates issued by Symantec. The short version of that story is that Symantec broke some industry rules related to issuing SSLs and they aren’t a trusted signer anymore. So if your site was ever protected by a Symantec certificate, it shouldn’t be. (If you’re not sure, you can use the SSL Checker to see if you’re affected.)

Let Oozle Media Help!

Still not sure what you need? Contact Oozle Media today and we’ll help you through this process.