If you surf the web with any regularity you've probably seen this message at least once or twice: "Not secure" "Your connection is not private" A warning "not to enter any sensitive information like passwords or credit card numbers because they could be stolen by hackers" likely followed.
It probably freaked you out a bit, right?
You're not alone. Most people that encounter this message tend to leave the site and not return. And for good reason. A site that isn't properly secured can be dangerous, putting any data that visitors might transmit at risk. As a result, unsecured websites tend to lose out on a lot of potential web traffic.
But that's not you. You would know if your website was not secure, right?
Maybe. But maybe not. It all depends on who hosts your site and whether they've done their due diligence to set up your connections properly. This article will show you how to tell, what's at risk if your site isn't secure, and what you need to do to set things right.
How to Tell if Your Website is Not Secure
It's not hard to judge your connection's security. Visit your website in a standard web browser and look for a lock icon just to the left of your web address at the top of the screen. The lock indicates that your site is secured. Alternatively, you can check the web address itself. It should begin with "https" instead of "http". If you see the latter you may have an issue.
If you don't see a lock icon or "Not secure" and your website starts with "http" then it's likely that you're missing an essential element of your website's security — an SSL certificate.
What's an SSL Certificate?
It's a digital file that enables an encrypted, secure connection between website visitors and your hosting server. It also serves as proof that your website is what it claims to be, having been verified by a trusted certificate authority. Without an SSL certificate, any transmitted data, like passwords and personal user information, is sent in plain text and is readable by any third-party that might be monitoring the connection.
In order to be fully compliant, you need an SSL certificate and you need to make certain your host is using a 301 permanent redirect to send all HTTP (Port 80) requests to HTTPS (Port 443). If you didn't already guess, the "S" in HTTPS stands for "secure". This second step guarantees that visitors will reach your secure connection even if they don't include the "S".
So My Website Is Not Secure, How Bad Can it Be?
Imagine the single worst thing that could ever happen to you.
An unsecured website won't cause that. It probably won't provoke the second or third worst things that could happen to you, either. But it is something you want to avoid.
Not only will it scare away incoming traffic and put your customer's data at risk, Google frowns upon unsecured connections. The search engine will penalize your site and lower its ranking on keyword searches. Lowered search performance means even fewer visitors to your website.
It's a bad situation, and it has a strong negative effect on your site. And there's really no reason for it. Getting an SSL certificate is easy. And it's free! You can get your own by visiting Let's Encrypt. Most reputable hosts will include and maintain an SSL certificate for your site free of charge.
However, there are bad players that will pretend that these certificates are costly, and charge you an exorbitant fee to set one up. This is a red flag that you're dealing with a shady provider. If you're paying for a free certificate, it's likely they're overcharging you for other services as well.
Puget Tech Can Help
If you're not certain whether you have a certificate or if your HTTPS access is properly forced, give us a call. We'd be happy to check for you. If we find that your website is not secure, we can help you rectify the situation. We enable SSL by default. We won't host a site without installing a proper SSL certificate at no extra charge.
Of course, secure connections are only one part of a wider conversation about website security. Contact us if you'd like a consultation on your website's complete security picture. We can diagnose, fix, update, repair, optimize, and maintain anything that's ailing your site. We provide complete security for our clients, and we don't charge an arm and a leg for it.