Time’s up: Your site needs an SSL certificate … now

June 27, 2018

Once again, Google has done that thing where its internal decisions are sending waves through the online world. The latest one is about online security, specifically SSL certificates.

From July 2018, the search giant has announced that any webpage that doesn’t begin with HTTPS – and the S being the crucial part – will be deemed Not Secure. And that’s a lot of sites: about half to two-thirds of all websites are not HTTPS enabled.

It means every user for those millions of sites is going to log on and the first thing they will see in the URL bar is a Not Secure page warning. Is Not Secure really the very first thing you want your visitors to see as soon as they click on your URL?

It won’t be a good look for any businesses still operating – even if perfectly safely – on an HTTP site when the deadline hits.

What your url will look like after July 1 2018

Google Chrome 68 Not Secure notification

SSL is really important for WordPress hosting. Anyone logging in has to be secure, because there could be a hacker sniffing around and if there is an unsecured part of your WordPress site, they will find it.

Not your hosting service (such as GoDaddy), nor your ISP (such as Bigpond), nor your web developers (such as us) has any control over this message coming up or power to stop it.

Getting your site up to HTTPS standard is not a “maybe” job. This was only announced quite recently and it will kick into effect in just a few weeks.

It would be bad if this was just for when your URL is in the search results, but this will also apply to your traffic coming from AdWords clicks too – and you’ll still pay for the click that leads the potential customer to the Not Secure warning!

This alert will also likely increase the opt-out rate where the potential customer will not proceed to the website, this will reduce the relevancy and therefore increase there average “cost per click” on Google AdWords.

Now that you are as worried as you should be, let’s look at a few points about what Google’s decision to effectively mandate SSL means.

Q: What is SSL anyway?

A: SSL stands for Secure Sockets Layer. It is an online security protocol that generates a “certificate” authenticating a website and, further, means that all traffic going out of or coming into your site is encrypted.

An SSL certificate encrypts what gets sent to and from your site. When your user types something into, say a form,  and sends it, hackers can capture it. On an unsecured site that can be anything at all, any log-in details, all the information in a form, credit card numbers if you have an unsecured e-commerce check-out.

Having HTTPS does not stop hackers from seeing “something” if they breach your security, but the data they can see is strongly encrypted. Even military codebreaking geniuses can’t decipher it. Only the intended sender and recipient can.

Q: But I have antivirus, why does my site need SSL?

A: Anti-virus detects and neutralises malicious software and code on a computer’s hard drive. An SSL certificate creates a safe and secure connection between a server and the browser on your computers. If anti-virus can be thought of as home security, then an SSL certificate is like having the mail checked by the bomb squad and then delivered to your house under guard.

Q: How is this a worry for my AdWords?

A: If your site does not have HTTPS status, bringing your site up to code will also require a rebuild of all your AdWords Campaigns and update all your site links. Remember, every click from Google Search or AdWords into a non-HTTPS site will trigger the Not Secure warning.

There’s a further catch too, Google says it is going to take at least 24 hours for it to approve all your AdWords changes. For bigger campaigns, this could be the best part of a week. During this changeover time your AdWords presence will be zero.

Q: Why is Google cracking down on SSL now?

A: Google has been pushing SSL pretty hard for a while now and a new version of Chrome is coming along in July. Further, recent changes to European Union laws about online security and privacy are having global ramifications. Google SSL deadline is simply part of a larger ongoing trend. Introducing it as a new feature in the latest version of the world’s favourite browser was going to happen sooner or later. Turns out it is sooner.

Q: What can I do to make sure my site is HTTPS ready?

A: There are two parts to getting your site HTTPS ready. First,  you need to get your website ready. To do this you need to force SSL which makes sure the SSL file registers as the default. If this happens the HTTPS address will be returned whenever your links are clicked.

If you’re using WordPress, you can get a force SSL plugin or you can do it by using the .htacess file, which is quicker and easier if you have the technical knowledge.

Both the manual .htaccess method and the WordPress plug-in do roughly the same thing. For an expert, the .htaccess method is simple, quick and permanent. It is, however, beyond the skills of a non-expert. These people could use the plug-in. While easier, it does add yet another plug-in to your WordPress back-end – increasing overall site bloat and website maintenance load.

If you choose to install an SSL certificate yourself, products like Let’s Encrypt make it easier than ever. Check your website host for easy install options.

My opinion is that using a plug-in isn’t bad as such, it’s just not the optimal solution in this case. If the more technical method is beyond the scope of your business’s technical knowledge, get in touch with us and we can do it for you.

Second, there are numerous minor hiccups that can happen with this update, but we have done this enough times to know where they are and do something to prevent them.

A final note, like many agencies, SSL has always been included in Mash Media’s premium hosting package, but that is now changing. On the heels of Google’s new announcement, we will no longer host any non-SSL websites. It’s just not worth the security or commercial risks for our clients anymore.


Through many years of a changing internet landscape and states of the economy Mash Media constantly deliver what I believe is as good as you can get! We receive responsive personalised service that I have not experienced with any other provider, large or small. Forget the rest, you won’t be disappointed, Mash media delivers hands down the best return on investment in the online marketing world. Whilst there is never a guarantee that things remain the same (especially when technology is involved), you can be assured that the team at Mash Media will be one of the first to adapt and take advantage of on your behalf. This has been my experience to date and I have no reason to expect this to change.
John Travelli - Ceramo.
I have the honour ​of​ writ​ing​ a testimonial for Mash Media and in particular its owner Sharney Ryan. I have been with them for now over 5 years​! And wouldnt consider going anywhere else again.​ The​y are a great team who have a​ genuine interest in helping my practice succeed with Marketing, Adwords and Website​ & SEO has been superb.Prior to them advising me i had spent significant sums with large organizations, only to find that much of the budget was spent on their overheads and profit before being applied to my business.This company ​truly ​delivers.
Dr Ron Binetter - AIES.
I have been dealing with Sharney for many years and followed her from her last posting in a Corporation as Sharney displays skills and knowledge in this minefield of an industry. I am very pleased to be part of Mash Media’s growth from a one-man band to where they are today with employees and offices all over. We are treated well and never pushed to increase our spend like the big guys do. Sharney and her team make our digital life clearer and easier.
Richard Wilson - Richard's Tyre Power.
If there is a better Digital Agency going around than Mash Media, then I haven't found them. And I have been looking for a long time!! We had an urgent need to get a site up and Sharney and Ben turned it around in 72 hours. Took a brief, clarified the brief, made the brief better than I thought possible. A great overall experience and just goes to show, botique is better!
Vincent Kelly - Viridor.
Sharney and Michael made sure they understand our business and Mash Media have an excellent campaign manager in Michael. His attention to detail and his hands-on approach to optimising our adwords campaign is what brought us back to Mash Media. We tried another campaign manager during the economic downturn, but came back to Mash Media when it became clear they could convert more enquiries, in spite of the economy.
Andrew Langdon - Sentinel Self Storage.
4 years and counting with the awesome Mash Media Team. They have been doing a great job of looking after our Adwords. More recently they have created a couple of different tailored websites that proved to save our adword cost by over 40%.......these websites paid for themselves in 6mths over the old clunkers. Superb results. Lovin’ their work.
Alex Brown - The URECO group of companies.