Should I get a security certificate?

October 2018: Short answer: Yes!

Long Answer:

What is a Security Certificate?

A security certificate is installed on the server that hosts your website. When installed and when your site is configured to use it, everything that is sent from the server (traffic) to a visitor’s web browser (page content, images, etc) is encrypted. And, traffic sent in the other direction (eg when a visitor has typed some information into a form on your website) is also encrypted.

These days it is not difficult for determined people (hackers etc) to intercept web traffic. However, if that traffic is encrypted, it becomes extremely difficult for them to decipher and use.

Therefore, a security certificate means that information you display on your website to a visitor (eg information about an order they have placed) and information a visitor enters into your website (eg their payment details) are safe from hackers.

A security certificate has become a standard requirement for all websites that take online payments for some years.

January 2018:

We are often asked “Will my website rank better if I get a security certificate?

Google announced that having a security certificate (aka SSL or HTTPS) was to become a ranking factor in August 2014. They said: “we’re starting to use HTTPS as a ranking signal”. Many salespeople picked up on this and started selling security certificates to website owners to “help their site rank better”.

However, if they had read on, the very next sentence in Google’s announcement had said: “For now it’s only a very lightweight signal — affecting fewer than 1% of global queries, and carrying less weight than other signals such as high-quality content.” Google has said that they may increase the importance of security certificates in their ranking algorithms over time but, based on the latest analysis we have seen, there is at best only “a slight positive correlation between the https URL and rankings”.

In other words, our recommendation today (Jan 2018) is: don’t make the switch to HTTPS solely for SEO purposes. It’s a resource intensive process (to do properly) and there isn’t a strong correlation between the two.

Update: May 2018:

chrome not secureFrom July 2018 the Google Chrome web browser will, according to Google, “mark all HTTP sites as ‘not secure’” (a HTTP site is a site without a security certificate). To date, Google Chrome has only been marking HTTP pages that have a form on them as “not secure”. It seems that, from July onwards, all of your site’s pages, whether you have a form on them or not, will be marked as “not secure”.

As the Google Chrome browser is the most popular web browser, and as “not secure” is not a message that we would encourage anybody to broadcast about their website, our advice now is to have a security certificate installed and activated on ALL websites.

October 2018:

Well, Google Chrome did make the predicted change on about 31st July. And, it sparked a series of copycat changes from other browsers. Now other browsers are also marking all web pages as “not secure” even when there is no security risk to a website visitor.

Even though a security certificate may not be required from a technical/security perspective, we advise you to have a security certificate to avoid the perception issues that come from the “not secure” messages. A basic security certificate is sufficient for most websites (that do not sell products or services online) and can be acquired and set up for the equivalent of less than the cost of a cup of coffee each week. 🙂

This Page Can’t Load Google Maps Correctly

Google maps errorIf the maps on your website are occasionally (or always) displaying a message that says “This page can’t load Google Maps correctly” then this article is for you.

Your website is using what Google calls its “Dynamic Maps Service”. Google will be dynamically creating the map each time the page is loaded. This means that your website is asking Google to do a little piece of work every time somebody visits a page with a map on it.

In future, Google will charge for each dynamic map display. The current charge per dynamic map display is 0.7 US cents (or US $7 per 1,000 displays). However, Google have also said that “You also get a recurring US $200 credit on your billing account each month to offset your usage costs”. That means that (for now) Google will be allowing you over 28,000 map displays for free each month and, for many websites, this means that there will be no charge to continue to use Google’s dynamic maps service (for now).

I suggest that you check your Google Analytics account and use the number of pageviews for each page that shows a map to calculate how many times your site will ask Google for a dynamic map.

There are other mapping services apart from Google’s service. However, for most websites, the Google service is preferable and the cost of changing the site to use another service is not justified.

Therefore, to “solve the problem”, we need two things to happen:

  1. Firstly, you need to have a Google Account set to what Google calls a “Google Billing Account”. In simple terms this means that you have lodged a credit card with Google so that they can take a payment from you if your maps usage exceeds their free quota.
  2. Then, we need to link your website with this Google account so that Google will allow the maps to display correctly and so that Google can keep track of how many maps displays relate to your Google account (and determine whether to charge you or not).

So, talk to us first to confirm which Google account to choose to become a Billing Account. There may already be an account linked to your website and it may be simplest to use that account or it may be better to use a new account. We can talk through the options with you.

Once you know which Google Account to “upgrade” into a Google Billing Account then we will need you to add your credit card details to that account. For your own security we prefer that you do this rather than us having access to your credit card details. To set up an account as a Google Billing Account you will need to follow Google’s instructions here: https://cloud.google.com/billing/docs/how-to/manage-billing-account (go through the Create a New Billing Account steps).

Once that is done, we will need the login details for that Google Account so that we can connect it and the website together. We’ll upgrade the Google Maps code on the website to use the new code that tells Google to display the map and allows Google to keep count of the number of maps displayed.

We’ll give you a firm quote to do the changes to your site but, depending on how many maps you have on the site, how they currently connect to Google and how old the “connection” code is, we usually find that the total charge for this upgrade is in the range £75 to £150.

Why Am I Seeing So Many Cookie Popups?

You may have spotted a growth in cookie popups in recent months and wondered whether your website needs a cookie popup too..

These popups are appearing because of PECR – the Privacy and Electronic Communications Regulations. This regulation has been in force since 2003 but has undergone five major changes, the most recent of which was on 8th September 2018. PECR covers more than just cookies and it also overlaps to some extent with the GDPR but we’ll just focus on PECR and cookies for now …

PECR covers the use of cookies that track information about people accessing a website. It’s aimed at allowing users to understand and control how they are marketed to. The regulation now requires that you obtain the user’s active and clear consent to the use of cookies that will track their actions and that you obtain this consent before setting the cookies. This means that many website that use cookie tracking to advertise products and services (that are customised based on your Internet activity etc) must obtain your permission before they show you the adverts. Hence the large number of cookie popups.

However, this is only for cookies that track information about people. If your website uses cookies for other purposes (eg to keep track of an online shopping basket or to simply enable the site to function correctly), then you do not need a cookie popup.

What about Google Analytics? We encourage you to use Google Analytics. It tracks website activity by using cookies. So, if I use Google Analytics, do I need a cookie popup? Our current understand of this is “generally no”. Normally Google Analytics is being used to track information about the website rather than about people. There are advanced capabilities through Google Analytics that can be used to track some limited information about people and Google Analytics data can be linked to other systems for enhanced tracking but this is not the norm. If you are using Google Analytics in this way then you might need to use a cookie popup but for normal Google Analytics usage, our understanding is that cookie popups etc. are not required.

IMPORTANT: We are not solicitors and do not fully understand the law. We offer the above as our thoughts and commentary only and advise you to consult with a solicitor before taking any action as a result of our thoughts above.