Time to Upgrade Security

green security padlock
courtesy of Stuart Miles at freedigitalphotos.net

Like many authors with personal websites, I have until now ignored the publicity around Google’s new announcements about changing to a secure URL  with jolly green padlock and an https:// prefix for the web address.

Why, I thought, would anyone be bothered hacking a small site like mine? I’m not selling anything, I may not even have any readers. I’m not a supersite like the UK’s National Health Service, an ISP like Talk Talk, or Spain’s Telefonica.

And more than many seemingly agree with me as I’m not the only normal www. on the web without an SSL certificate.

I do block loads of inept hackers trying to leave comments but if they don’t show on my webpages, that must be all right–right? Sadly not.

Google is now upping the ante. It is downgrading non-secure sites in its search engines, and popping out little warning notices prompting readers to think carefully before interacting with non-secure sites.

Why Pay Extra for SSL?

Is it worth paying the extra for an SSL certificate to encrypt a site which has nothing to hide?

I now say yes and have a few good reasons for doing so.

  • Internet communications can be bounced from computer to computer before reaching the server. Any one of these could attack an unprotected site with malware or worse. People around the world can extract sensitive data–not just yours but that of your readers even if you are just asking for an email sign up for a freebie or newsletter.
  • Do you really want readers to see a warning notice suggesting your site is unsafe? It’s bad enough seeing a warning that your site is suitable for adults only because you have a rather risque book cover shown somewhere on it.
  • SSL (Secure Socket Layer) certificates encrypt your site from the moment it leaves your computer so it can reach your secure server safely. Your readers can be confident that any details they post requesting a newsletter, or even just making a comment, are safe with you. It’s  difficult for spammers to get a security certificate.
  • And if it’s cost that’s worrying you–check again. More and more companies are in the market to provide the certificates so prices have been dropping. You can even get free access through websites like Cloudflare or Let’s Encrypt if you feel confident to manage the tech details.

Warning notice

Like everything else you do on the Internet, check out the provider you choose carefully. Google has already noted that some certificates are not as trustworthy as they claim to be.

If you have a shared website –if your URL contains the name of your web host in the suffix like blogspot.com or ipage.com–then you can have your https prefix for free.

But if you have your own .com address, it means getting your own certificate from a trusted provider sooner rather than later.

I am now energized to sort out my web presence security asap.

Have you done yours yet?