“We’re at a turning point,” declared Matt Mullenweg, co-founder of WordPress, and founder/CEO of Automattic just three months ago.
“2017 will be the year we will see features in WordPress requiring hosts to have HTTPS available.”
Google now considers SSL as a ranking factor. But recently has gone even further. As of January 2017, Google is marking “HTTP pages that collect passwords or credit cards as non-secure.” That means your WordPress login page will be marked as non-secure if you’re not using HTTPS!
Does your website need an SSL certificate? Here are a few tips to help you decide.
- Accept Payments Securely
Do you plan to accept major credit cards online? You’ll need a merchant account, and most of them will require you to use an SSL certificate. Some web hosting companies have terms of service requiring websites to be secured with an SSL before accepting credit cards. Would you really want to put your customers at risk of having their credit card information stolen while shopping on your site?
- Protect Password Logins
A major reason you might want to add an SSL certificate to your website is if any of your pages are password protected. This includes WordPress or Joomla! or other database-driven sites with a login page for the administrator. Also membership sites with multiple logins need protection.
- Secure All Web Forms
Web forms collect information. They could be leads for potential home buyers or questionnaires with basic information such as name, address, phone number and email address that clients would not want to be leaked. Without an SSL certificate, some types of form mail can be intercepted.
- Protect Your Business Reputation
No site is too small to be hacked. Show your customers that you are serious about security and keeping them safe and that you are a verified owner of the website.
On a test run, I did set up an SSL certificate on my other site at jmgroupdesign.com. For an existing site, it is simply a one-click install and everything is done. For a new site WordPress install, the SSL certificate is automatically included. The WordPress FREE SSL does not require a dedicated IP.
Google wants to kill the unencrypted internet,
and will soon flag two-thirds of the web as “unsafe.”
“Google wants everything on the web to be traveling over a secure channel. That’s why in the future your Chrome browser will flag unencrypted websites as insecure, displaying a red “x” over a padlock in the URL bar.
With this upcoming change in Chrome, Google makes it clear that the web of the future should all be encrypted, and all sites should be served over HTTPS, which is essentially a secure layer on top of the usual HTTP web protocol. Several companies and organizations have been pushing for more encrypted sites as part of a campaign to “Encrypt All The Things,” which consists of promoting more websites to abandon the traditional, less secure HTTP protocol and adopt HTTPS.”
Currently, Chrome displays only an icon of a white page when the website you’re accessing is not secured with HTTPS, a green locked padlock when it is, as well as a padlock with a red “x” on it when there’s something wrong with the HTTPS page the user is trying to access. The change will draw even more attention to the sites that are potentially insecure.
“Over the past few months we’ve been running tests taking into account whether sites use secure, encrypted connections as a signal in our search-ranking algorithms. We’ve seen positive results, so we’re starting to use HTTPS as a ranking signal.” – Google