Google Announces Mandatory SSL Certificates for All Websites
Last year, Google said they would reward (so to speak) websites that had valid SSL certificates. Then earlier this year, they followed up with an announcement that as of July, any website without a valid SSL certificate would be marked as “insecure” in both Google search results and when browsing in Chrome. The rollout of the new SSL rule began with websites that processed transactions or held visitors data. Google has now made the official announcement that ALL WEBSITES, regardless of type, will need to have a secure website by the beginning of October.
What Do You Need to Do to Comply with Google’s Newest SSL Rule?
Make sure your website has an SSL certificate installed – If you see a little padlock next to your website name, and the address begins with an https:// then you have a secure website.
If you do not have a little padlock, and your website starts with http:// (rather than https://), it’s time to do something about it. You can give it a try yourself, ask your webmaster about it, or enlist an IT manager or developer to assist you.
What is the process of installing a SLL Certificate?
First, obtain the SSL certificate (through your hosting company). Some offer these certificates for free, and others charge an annual fee starting at $49 a year depending on the type of SSL certificate you choose. Once you’ve purchased your certificate, you will have to verify the domain you are using the certificate on. If you’re taking on the process on your own or enlist someone to do it for you, you will still have to most likely verify by email that you still own the site.
When the verification process is complete, the certificate will be applied to the domain. Now comes the fun part – just because a site has a certificate, does not necessary mean it will be SSL compliant. You’ll have to go through your whole website and update all links, images, documents, etc. to make sure everything begins with https:// and not http://. Any item left as http:// will be non-compliant and get your website marked insecure.
Once everything has been updated to https://, you’ll need to redirect from your old site address (http://yoursitename.com) to your new site address (https://yoursitename.com) to make sure that every visitor is being directed automatically to your secure website address.
Google views http:// and https:// versions of your website as totally different websites. For this reason, you will also need to update your Google Analytics and Google Search Console with the updated information.
WOW! That’s too much to take in, you say?
If you don’t feel that taking care of transitioning to your secure site is something you can do on your own, give us a call. But…don’t wait too long! It is estimated that more than 75% of website owners will be trying to get their websites secured prior to the October 1st deadline.