Feeling insecure? If you have an insecure website, you probably should be feeling insecure. Google has been saying for a couple of years now that a more secure web is a major goal, and they’re about to get serious.
As of January 2017, Google Chrome marked any page that asks for passwords or credit card information without https as insecure. In October 2017, any page asking for information of any kind without https will be marked as insecure. Google intends to serve these warnings for all http pages “eventually,” though they haven’t specified their 2018 plans yet. Firefox is also serving warnings ar4eady. So if you’ve been waiting to get https for your website, now’s the time.
What is https?
HTTPS (Secure Hypertext Transfer Protocol) is a secure transfer protocol that sends information securely across the web. It’s different from HTTP, which is not secure. You might hear terms like “secure connection” or “secure portal” when people talk about http.
Any page that asks for credit card information obviously must be secure. Any page that transfers patient information or other sensitive data should also be secure. An ecommerce site has to be secure, and so does a patient portal. If you have either of these functions at your website, you probably already have https.
But many current websites are not in fact secure. If your website is mostly for patient education or brand awareness, you might not have bothered to add the extra layer of security involved in https. It used to be an expensive undertaking, and it might have been on your “someday” to-do list for years.
A page like the one you’re on now doesn’t require any particular level of security because we’re not collecting information. But insecure websites sometimes have both pages like this one and pages that need to be secure. Google’s crusade against insecure websites is responding to that kind of situation.
How can you make your website secure?
HTTPS is a hosting issue. That is, it doesn’t depend on how your website is designed, written, or built. It’s how you’re hosted. An SSL certificate must be installed on the server — the computer — that houses your website. Your hosting company should see to this for you.
That used to be expensive, but it no longer should be. We recommend WPEngine, which provides secure hosting at no additional cost. Use the link below to get a special deal from WPEngine.