The Inbound Life Blog

Hey, if you like what you read you should subscribe to our blog.
You can opt-out at any time.

The Clock is Ticking: in 2020 an SSL Certificate will be Crucial

Posted by Lucy Railton on 10/12/19 2:48 PM

Most website owners are well aware of the advantages which an SSL (Secure Sockets Layer) certificate brings when it comes to building trust with users, increasing the security of online transactions and seeing a rise in the number of successful conversions. Whilst it's well-known that having an SSL certificate boosts rankings, from next year, failure to have this essential piece of software in place will lead to your content being blocked from Chrome browser users! Read on to discover why your continued online success could be at grave risk if you don't have an SSL certificate in place by the end of December 2019. Don't let your existing customers down or limit the opportunity to capture fresh trade - your site needs an SSL certificate if Chrome browser users are going to see it!

What is an SSL?

In simple terms, a Secure Sockets Layer is a layer of security embedded in the site which allows a secure connection between servers. This means that if someone is communicating via your site, the nature of their communication is encrypted, with the "key" to the encryption held only by the authorised party. Used to provide security for data or financial transactions, as well as to protect social media posts, the presence of an SSL is shown through the SSL certificate. Possession of the certificate, available only from a reputable Certificate Authority, is shown through the addition of an 's' after 'HTTP' in the web address, as well as the presence of a padlock.

2020 Chrome Update Spells the end for "Mixed Content"

Although always a preferred option for websites, the urgency for an SSL certificate has increased following Chrome's announcement that changes to its browser will result in "mixed content" being blocked. Mixed content is created when some content on a page has been loaded via an HTTPS (secure, certified connection - typically the initial HTML for the site will have been uploaded through this type of connection), whilst other content (typically updates, AV materials and similar) has been uploaded through a non-certified HTTP connection. The presence of both types of content (mixed content) could indicate that the page isn't as secure as an SSL certified option. Chrome browsers are being updated to reject mixed content on the basis that it could pose a threat to users.

What does this mean to your website visitors?

Chrome is an enormously popular browser with both desktop and mobile users. In fact, Canadian data from the third Quarter of 2019 ranks Chrome as the number one browser for desktop users.Statista

Chrome's dominance is clear not only at national but also international level: recent figures show that globally, Chrome occupies the top three browser positions with different forms of its service. The top position is held by the Chrome Android browser, which has captured a staggering 30.83% of the global market. With such a formidable number of people accessing online data through Chrome, can you afford to have your site blocked from their eyes due to mixed content?

How to prevent mixed content

In the first instance, it's clearly important to load all content through a secure connection, which prevents mixed content without the need for retrospective correction. If you already have mixed content in place, the Chrome JavaScript Console will show content warnings which relate to mixed content. It's necessary that each "http:" which has a warning or error attached to it is fixed individually in order to remove the mixed content.

An alternative method of resolving mixed content issues is to look at your source code. By looking for 'http://' and then for any 'http://' which come up with URL attributes relating to mixed content warnings, it's possible to isolate those areas which need additional attention in order to remove mixed content.

Mixed content can be resolved in the following ways:

  1. Simply removing the insecure content. If there isn't a way to load the content securely, it's often easier and quicker to simply remove the material from your site.
  2. In some cases, it's possible to find the same material from a secure source. Depending on how important the content is to your aims, finding a suitable alternative provider for it could result in a secure upload.
  3. Host the content directly on your site, rather than linking with a third party to provide it. Note that there may be technical and/or legal difficulties in accomplishing this.
  4. Take a look at your Content Management System (CMS)! Remember that although WordPress is a CMS, it doesn't actually host your website. This means that you will have to apply for an SSL certificate independently. This isn't the case for all CMS providers, however: companies such as HubSpot, CMS and SquareSpace include SSL certificates. This means that if you use one of these companies, your site will automatically be protected (and also, possibly as important when it comes to your bottom line, be visible to Chrome users once the updates have been applied in early 2020). These CMS providers will also host content on their platforms, which decreases the risk that mixed content will creep in somehow.

Remember that every page of your site will need to be visited and corrected in order to provide a complete solution to the problem.

Given the growing importance of ensuring your site is protected by an SSL certificate, it makes sense to check with your hosting provider to see if the SSL certificate is included as part of the package of benefits which they provide. If not, it may be worth going it alone or switching to an alternative provider so that you know your content won't end up being mixed. With the potential for the Chrome updates to have a significant impact on your audience if you haven't got an SSL certificate in place, the time to act in order to resolve this matter is now!

Sources:

https://www.searchenginejournal.com/google-block-mixed-content-warning/329055/

https://developers.google.com/web/fundamentals/security/prevent-mixed-content/what-is-mixed-content

https://www.globalsign.com/en/ssl-information-center/what-is-an-ssl-certificate/

https://www.statista.com/statistics/421625/web-browser-market-share-in-the-united-kingdom-uk/

https://techjury.net/stats-about/google/#gref

https://developers.google.com/web/fundamentals/security/prevent-mixed-content/fixing-mixed-content

 

Topics: SEO