I've heard that Google is going to give low rank to http sites compared to https sites, I only know that it's related to SSL certificates, but I don't know how it's really done, so if anyone can give any advice it would be helpful.
Thanks for the information, i was just curious.
Do not worry! Everything is safe and secure.
you can use Let's Encrypt authority witch support all TLD domains and issues for 3 months and you should renew it after months for free and support in most of the browsers in all platforms.
Yes, the "evil doers" can get SSL but I don't think that is much of a problem. The main security benefit of using SSL, as far as I understand, is that the traffic is encrypted so that it gets much harder for anyone to eavesdrop passwords and other security sensitive information that would otherwise have been sent in clear text.
So, yeah, SSL is probably right for many sites, but for websites that does not handle sensitive information it shoudn't be necessary.
If you think SSL is only necessary with sites handling sensitive information, you're going to be surprised.
If a site does not have SSL, the traffic is indeed unecrypted as you say. What that means is that stuff that can harm your clients will get an easy way to do so. One of them being man-in-the-middle(MITM) attacks.
Let's take the example below of what can happen.
Client A visits your site, but is intercepted by Server X. Server X then gives a request to your site, which then gets back the response.
From there, Server X then proceeds to inject a whole bunch of virus-laden stuff, and passes the modified response back to Client A.
Client A then gets infected, which isn't what you want happening to users of your site.
I can understand why Google is trying so hard with this, and applaud them. FYI, one case of MITM attacks being Comcast's injection of its bandwidth ad across all the sites you visit.
The following 1 user Likes CHT's post:1 user Likes CHT's post
Well, I guess I will eventually have to give in for the pressure, but the cost of certificates really worries me.
Yes, I have SSL here on GigaRank. Currently I'm not really using it because I just redirect all https traffic to the http equivalent, but I might change this soon. My concern has been for the future in case I have to move to another host for some reason.
I haven't really investigated any of this so many of my concerns are probably unfounded. The only places I've checked are two paid hosts from my country, because I have bought domains from them, and one of them wants 169 SEK (~19 USD) per year for SSL on a single domain (not subdomains), and 1299 SEK (~143 USD) per year for a top domain + subdomains. The other host wants 1188 SEK (~131 USD) per year. Both of them offer free Let's Encrypt certificates but I noticed that one of them had a limit of max 5 or 10 certificates depending on the hosting plan because they claim it is more work for them.
So, I guess if I ever choose to pay for hosting and SSL I will have to take the SSL prices into account when choosing what host to use. The cheapest one above isn't really that outrageous (assuming I don't use any subdomains) when compared to what I pay for a domain. I am fully aware that I might find cheaper SSL certificates elsewhere if I actually looked around.
Let's Encrypt looks great. My initial concern, without knowing anything about it, was whether it was going stay around in the long run, and that its certificates would continue to be trusted by google and all the big web browsers. After reading up on it a little bit I am now more confident. Having names such as Mozilla, Chrome and Facebook listed as sponsors/donors says to me that it's something that the big players support.
I think now-a-day if you have a site that is available to the general public and requires the user to provide information ( even just a simple registration) it need to use SSL. My wife and I were looking at doing our grocery shopping online for the convenience of home-delivery. Some places I looked at DID NOT use SSL but wanted you to create a user account providing your name, address and phone number. I actually rang a few places and told them I would like to try their service but was not going to provide my details over the net on a unsecured channel.
I just use cloudflare to have ssl on websites so far.
Are the SSL certificate of Gigarocket or Let's Encrypt better in terms of perfomance and setting up? Since there are hosts that don't recommend cloudflare, since it can have some conflicts. I would like to know what is your recommendation on gigarocket cloudflare, let's encrypt or the native ssl/tls provided?
I use SSL4FREE it is a pain to do but it works and it's free. It is basically a front end for Let's Encrypt. You have to redo it ever 3 months (if I remember correctly) but they do send you an e-mail before it expires so you can do it.