I finally secured an SSL certificate for The Bright Spot yesterday, after delaying it for months (my bad!)
You will now see the trust mark that is the green padlock and the HTTPS upgrade at my URL address.
Yes. My URL address is now officially https://www.leahdeleon.com
You will also see the bottom floater at the lower right portion of my website, which says “McAfee SECURE”. I got my SSL certificate from GoDaddy.com and it comes with the McAfee Trust Certificate.
For those who aren’t aware yet, Google Chrome will start flagging websites without SSL certificates and HTTPS encryption as insecure starting July next month.
At first I thought I will not be affected by this because my blog is not an eCommerce type of a website. This was also my excuse for not educating myself about these things. After all, I don’t maintain an online shop anywhere here that will require credit card information, or any data information for that matter, that will necessitate establishing trust between me and my readers.
But in the late 2014, Google announced that HTTPS will now be a ranking signal.
Because security is now Google’s top priority, and they have called for #HTTPSeverywhere not just from transactional websites, but even static ones like my blog!
Does HTTPS really make any sense for a static web site?
This was my immediate question (especially since the SSL certificate at GoDaddy.com does not come cheap!), and netlify.com gave me 5 good reasons for securing the SSL certificate and switching to HTTPS:
- Improve your SEO. If you care about how well your site positions in Google searches, then adding HTTPS can give you a small boost. Google recently announced that they would start ranking sites with HTTPS support higher than sites that only work under HTTP.
- Better analytics through the use of Google Analytics.
- Protect your content. HTTPS means all the traffic between your site and your users is sent over an encrypted connection, and no-one can tamper with the source code of your site.
- Protect your users. HTTPS doesn’t just protect users from lousy ISPs injecting ads, it also protects from more malicious man-in-the middle attacks. When your site is served unencrypted there’s nothing stopping a malicious attacker from using it as a convenient way to hijack your users.
- Take advantage of bleeding edge technologies. As browsers get more powerful, this means the trust bestowed on individual domains becomes much more valuable. Because of this, browser vendors are starting to consider only granting these permissions to domains served with HTTPS. It’s really part of the same reason as #4. How can you trust a domain, if there’s no way to guarantee that what you’re getting from that domain is really what the owner of the domain intended?
In short, even if my blog is mainly informational with just static contents, having the SSL certificate and HTTPS encrypted connection will still make a a LOT of difference, especially for my readers and even random site visitors who are now assured of safer browsing experiences. Yes, I value your privacy that much.
As for me, I am assured of equal privacy protection for my blog contents too.
Of course the carrot-and-stick motivation style of Google (“Get HTTPS and Improve your SEO!“) helped seal the deal too, hehe!
However, in my haste to beat the June 30 deadline, I wasn’t able to research more about the SSL certificate options online, and I jumped straightaway to GoDaddy.com to buy mine.
Thankfully I have only one website to secure, so I only have to get the standard Domain Validation (DV) SSL certificate that is currently discounted at Php3,119.00 / year.
What I got with this package:
- Proves domain ownership
- Will boost my site’s Google ranking
- Strong SHA-2 & 2048-bit encryption (All information passing to and from my blog is now scrambled by 2048-bit encryption that’s virtually unbreakable by hackers.)
- Padlock in address bar
- Security trust seal (c/o McAfee)
What I like about GoDaddy is that it’s so compatible with WordPress, switching to HTTPS/SSL using the very simple WordPress plug-in Really Simple SSL was done in a jiffy.
I’m quite content with how the whole process went (very simple, I must say!), and while I will not immediately feel the benefits of this security upgrade, being compliant with the soon-to-be protocol standards of Google and having a stable online reputation are enough satisfaction for me.
So to my blogger friends who are reading this, secure your custom domains with SSL now!
I’m highly recommending GoDaddy (because trusted ko talaga ito) but I’m letting you know too that you can also get SSL certification for FREE!
I was too late na when I learned about Let’s Encypt – a free, automated and open Certificate Authority. But check it out first to see if it’s the one suited to your needs and more importantly, if it is supported by your web hosting provider. There’s also minimal programming needed to successfully set everything up and if you have the skills and patience for this, then go for it.