It seems the experts are telling everyone that we need to look harder at website security. Well, that’s all fine and good, but how do you actually know that your site is secure? That was a question I needed to answer.
Fortunately, some quick answers come from a free tool that the fine folks at the Mozilla Foundation created. What’s nice is it gives you a simple grade, just like school. And just like school, I never thought I would still be getting F’s.
Despite Google giving web developers advance notice, I think a lot of people are going to be caught off guard by the upcoming “Not Secure” connection security label that will start showing in the Google Chrome.
As a result, your viewers and users might be confused and start asking questions. This is particularly true for content management sites (CMS) that have a login link.
I plan on doing a longer post on the process of switching over to HTTPS. As you might guess, it’s not as easy as you think. Until I resolve the remaining issues, you’ll most likely see some mixed content warnings in your browser. That’s because both “secure” and “insecure”content is being served. If the page doesn’t look correct in your browser, you can accept the “insecure” content and it will look fine. I’ve posted some shots of how different browsers show the error.
Google recently indicated that HTTPS will be a ranking factor. That started some discussion with folks as to whether that would be enough of an incentive for people to change. I think it’s a good move on Google’s part, but not sure it will move the needle. I think making the move is something to investigate. I thought this would be a good challenge for me. Will it be easy for me to move to HTTPS, or will I find it cumbersome?