Today, we informed our newsletter subscribers of the following news: If your website requires a login, which it probably does, you have until January 2017 to get an SSL certificate or Google will flag it with a warning to visitors.
We are sharing the announcement here, too, because of the importance of it and the huge impact it will have.
UPDATE: Chrome 56 Is Here Which Means ‘Not Secure’ Warnings on WordPress Login Pages for Sites Without SSL.
Below is the text from that newsletter.
Today, Google Made a Huge Announcement That Will Affect Most Websites
We really mean huge. We also welcome this announcement because we are strong proponents of https all the things.
So the news: Basically, starting in January 2017, if your website requires a password to login or is an eCommerce site, and people visit it using Chrome, Google is going to send visitors a big warning that the site is not secure if it doesn’t have an SSL certificate. This will turn people away from visiting sites that do not have https in the address. We strongly urge you to read the full announcement on Google’s Security blog.
What You Need To Do
If your website is hosted by WordPress.com, you are good. If your website is built using a service like Squarespace or Wix, you are going to run into problems unless they start to allow for easy implementation of SSL certificates. Currently, they do not.
If you have a self-hosted WordPress powered site, you need to contact your host and request that they install a Let’s Encrypt SSL certificate. They may come back with some excuses like: You need a dedicated IP address for SSL, or they cost money. Neither of which is true. Once upon a time, this used to be the case, but it hasn’t been for some time. So be prepared to have to educate them, send them to Let’s Encrypt (linked below) and send them to Google’s security blog update (linked above).
[The differences between self-hosted WordPress and WordPress.com explained.]
Let’s Encrypt is highly trusted, with sponsors including Mozilla, Automattic (WordPress), Cisco, and more. It’s also free and has automatic renewals. Let’s Encrypt has a goal of making the entire web https by the end of 2016, and they are making it extremely easy to do so.
If your host will not accommodate and help do what is necessary to comply with current security standards–which they should have predicted when Google announced that sites with SSL will rank higher than sites without it–it may be time to find a new web host. You really do not want your site visits to suffer. The January 2017 changes are just the beginning in Google’s efforts to make sure all websites are secure.
Skookum Monkey Can Help
Earlier this year, we announced that all of our hosting packages come with SSL upon request. Earlier this week, we announced that we’ve made it even easier for our clients to get an SSL certificate by adding easy Let’s Encrypt SSL installation right in their account management tools. They now have the freedom to do it for themselves or ask us to do it for them. We also wrote a step-by-step guide of how to install Let’s Encrypt SSL certificates and update their WordPress installation.
The timing of Google’s announcement with our announcement is uncanny.
There are other benefits with hosting with us, including we will transfer your existing WordPress site to our hosting environment at no cost. Learn more about other benefits of hosting your website with Skookum Monkey.
If you have any questions about what these changes mean for you, or need help dealing with your existing host to get them to do what is now necessary, or if you have more questions about our hosting packages, please do not hesitate to reach out!
We understand that switching hosts is time consuming and scary. We are happy to help you deal with your current host. We are here to help 🙂