If you are a tech-wonk person who doesn’t mind spending time figuring out how to follow instructions related to website encryption, this post isn’t for you. You can go ahead and click somewhere else. You’ve already done what is explained below for free — except for the time you spent going through the options. That, or you have a valid philosophical objection to the way the “powers that be” have set a time bomb that will blow up the way links have worked since the beginning of web. For the rest of you (us), it will probably be best for you (us) to out-source this to the person who manages your (our) websites. It’s a more expensive option, but it may save you hassle and expense in the long run.
As we’ve shared before, Google and other web browser developers have been urging website owners to adopt a security measure that requires the owner to take measures that will turn the letters “HTTP” into “HTTPS.” (We provided a far techier explanation in our previous article, so we’re going to skip initials like TLS and SSL this time.)
Last Thursday (2.8.2018) Google announced that in July (2018) with the release of Chrome 68, any site that does not have the “S” showing in “HTTPS” is going to have their entire website displaying a “not secure” message in an “omnibox” that looks like this:
According to Google, there has been a significant acceptance of the security encryption that causes the “S” to appear after HTTP in a web browser:
- Over 68% of Chrome traffic on both Android and Windows
- Over 78% of Chrome traffic on both Chrome OS and Mac
- 81 of the top 100 sites on the web use HTTPS by default
So what should you do if you are a techie person who built your website from scratch?
- We’ve already told you: Click off this article.
What should you do if you pay a company or individuals to manage your website?
- Contact them to ask what you should do. (Some may handle a basic version of this for free.)
- Check out the option of a service like GoDaddy’s SSL service. It’s more expensive than some other options, but you can talk with real, live people who can help you figure out what to do. Say something like, “I’m NOT looking for a DIY (do it yourself) option. I need the DIFM (do it for me) version.
Want to still look into that free option?
Here’s what to do. Visit the two sites below. They are efforts created by companies and non-profit groups to encourage encryption for various reasons ranging from privacy advocacy to e-commerce.
A good place to find out everything you want to know about encrypting your website. Let’s Encrypt is a free, automated, and open certificate authority coordinated by the non-profit Internet Security Research Group (ISRG).
HTTPS Everywhere is a Firefox, Chrome, and Opera extension that encrypts your communications with many major websites, making your browsing more secure. HTTPS Everywhere is produced as a collaboration between The Tor Project and the Electronic Frontier Foundation. According to HTTPS Everywhere, “Many websites offer some limited support for encryption over HTTPS, but make it difficult to use. The HTTPS Everywhere extension fixes these problems.”