A security certificate encrypts the data between your computer and a website like ours. You can tell it’s on there by the green padlock and ‘https://’ as the start versus the usual http://
That means someone who was trying to see the data going between your computer and the website (eg. when filling out a form or checkout, or just clicking a link) would see scrambled information.
Essential not optional
It used to be that only online shops and websites with logins (like social media, banks) had to have this facility. However it has become increasingly standard on normal websites and in line with regulations like GDPR in Europe means having one clearly demonstrates care over people’s data by adding security.
But the reason it is going to be essential from July 2018 is that Google Chrome, the most used browser at present, will be marking all websites without a Security Certificate as ‘Not Secure’. That also means all other browsers (Firefox, Internet Explorer, Safari, mobile browsers, etc) will follow suit.
The words ‘Not Secure’ will be clear, and some browsers will even put up a page asking the user if they want to continue. Average users are unlikely to realise that this doesn’t necessarily mean there is a securit problem on the website they are trying to visit.
Additionally, Google pointed out a while back that a Security Certificate would give you a small bump in terms of Search Engine position, because people like things that look secure.
How to get a Security Certificate
1. Order a Security Certificate with your Hosting Provider
Whomever provides you with space for your website should be able to get you a security certificate. If you have more powerful hosting (like a VPS) then this might even be free using LetsEncrypt, though in some cases like shared hosting this might not be available.
With Tortilla Hosting, if you have ‘Unlimited Shared Hosting’ then you can buy a Simple Security Certificate (SHA-2 with 2048 Bit encryption) that will then be applied to your hosting account. Just drop them a note to order it if you’re unsure/ have trouble ordering. This is an annual cost, currently £75.00.
2. Update your Website to use the Security Certificate & Google
When you change from http:// to https:// you need to change some settings on your website, including in the files that make up the design. This is mostly running through a database and checking there are no custom settings which means your website could say ‘partly Secure’ and produce a warning.
Additianally Google needs to be updated through Google Search Console (formerly Google Webmaster Tools) by authenticating https:// https://www. alongside http:// and http://www. as well as a new sitemap and letting it know which version to use in search results. Put another way, Google needs to know ‘use these https:// links’
freshSPRING will do the necessary website updates and Google connection for a one-off cost of £50.00 for our existing clients.