We teach our audiences to make their own personal websites using the Free Blogger.com tools from Google. It’s free, it’s drop-dead easy, and it’s secure by default. You don’t have to do anything for your Blogger-built website to be at an httpS address. The S stands for secure and if you don’t have that on your site, there will come a day when your visitors will see the message above. We have 3 sites built by Blogger:
- Our personal life blog: GeeksOnTour.blogspot.com
- Our special Google Photos site: LearnGooglePhotos.com
- Our special video podcast site: TheButtonShow.com
Check your site
Go take a look right now. If you have a personal website, a blog, or a small business or club website, check it out. You’re looking at the address bar and you want to see a padlock and httpS. If you see that, you can breathe a sigh of relief and stop reading this article.
How to get an SSL Certificate
If you don’t see them, you have some work to do. It may be just a little work, it may be more. To get the httpS designation, you need an SSL Certificate. You get it from your webhost. I have some websites hosted at Godaddy.com, I also have one hosted at A2Hosting.com, then I have the free Blogger sites. I called Godaddy and bought certificates for 2 sites at $60 each per year. A2Hosting provides the certificate at no charge, but I still had to call and ask them to install it. The Blogger sites, are already secure. There are lots of different options when it comes to these certificates, how they are sold, and how they are installed. You need to talk to your host.
Note: if your website is using Blogger and you don’t see httpS – it means you’re an old blogger! errr, I mean a long-time blogger. You started before they changed the default security setting. Just go to your Settings, Basic, HTTPS Redirect, and find the dropdown where it says No and change to Yes.
Mixed Content Pages
Just getting the certificate may not be enough. When you have a web page with images on it, those images are stored somewhere and the code that references the image is a complete address of its storage location. Something likeĀ src=”https://imagehost.com/s640/mypicture.JPG” Notice the https in that reference address. If you have pages on your website where there are images that are hosted on non-secure sites – http, they can cause a problem.
Starting a new website today is so much easier than fixing an old one! If you need to fix mixed content, there are tools that can help. If your website uses the WordPress platform, check out the plugin called Really Simple SSL, it really saved my bacon! To understand what is going on with your site, try the webpage, whynopadlock.com.
No forms on your site?
The real purpose of security on a website is to protect people who enter sensitive data into a form. For example, if you ask for credit card numbers, you definitely qualify and needing security. But, even if you don’t ask for sensitive information – if you have any type of form that a viewer can type into, like a search form, that will trigger the requirement in the future. If you have no form of any kind on your site … it’s just a business card … then you may not be subject to that nasty message above, but you still won’t get the green padlock. Some users are now trained to look for that green padlock on every site they visit. If, instead, they see a grey i – they can click that and see the information that the site is not secure.
Do you have to get a SSL certificate? Maybe not, but it’s a good idea anyway. Google’s goal is to make the entire web secure.
July is the deadline
This has been coming for a long time. Google is intent on getting everyone to secure their websites. In July of 2018, Google will start labeling any website still using http as Unsecure. Here is an article that goes into detail:
Google Chrome to Label Sites Using HTTP as Insecure Starting in July