Padlock your website: why and how to do it

If your site is already using https:// and showing a padlock then good job, see you next time.

If not, time to wrap your site up in a security blanket.

Why

The padlock indicates when a site is using the “secure protocol”, also shown by having a URL starting with https:// rather than http:// (note the “s” in the secure version).

If you don’t have this already (for encrypted transactions) the main reason you want to add it now is because of Google.

• Google search uses https as a ranking signal
• Starting in July 2018 the Google Chrome browser will mark non-https sites as “Not secure”

How

If you used a site builder like Squarespace or Weebly they have help docs on how to set it up if it isn’t already.

Otherwise how you enable it depends on your webhost. Some hosts (e.g. A2 Hosting) offer free continuous Let’s Encrypt security. Others, like Bluehost, make you jump through some additional hoops but may have a free option as well.

Failing a free easy option you’ll have to pay a subscription for a Secure Sockets Layer (SSL) certificate. Just a cost of living on the internet, 2018-style.

As always, if you have questions talk to your website collaborator!

Notes

Free SSL (e.g. Let’s Encrypt) should NOT be used for sensitive data entry such as credit card info, social security numbers, etc. For that a warrantied service should be used instead. Ask your webhost or web developer.

There are some complexities around third-party services such as Google Search Console and Bing Webmaster Tools, so consult with your website pro about that.

If you are ever wondering “should I enter my [password, credit card information, or other sensitive information]?” on a site you’re visiting, do NOT simply trust it because you see https:// in the address bar. That’s a good sign, but when in doubt be safe.