From an article by FASO Founder and President Clint Watson titled Why Your Art Website Will Soon Need an SSL Certificate
3/5/2016 by Clint Watson
"In the past, I took the position that it was not necessary for most artists to go to the trouble and expense of implementing SSL on their websites [1], however due to recent and upcoming changes in the technology landscape, I have reversed my position and I now feel that most artists should add a custom SSL certificate to their website.
This change should be made soon due to coming decreases in ssl certificate prices, improvements in web browsers' ssl support, search engine rankings, and changing visitor expectations [2]. In fact, I now feel so strongly that artists should implement SSL on their websites, that FASO just finished a months-long project of upgrading our systems to support SSL on FASO domains for all customers. There will be no additional charges for implementing SSL. We will simply include it when with your domain. This article outlines why we are implementing SSL, at no charge, for our customers.
You may not know what the term "SSL" means, but you've surely experienced it. "SSL" stand for "Secure Sockets Layer" and is the technology that allows you to visit websites over a secure, validated and encrypted connection. SSL technology is what enables you to make purchases online, provide your credit card online, and even do banking online without the bad guys being able to see all your personal and financial information. If you'd like to better understand what SSL is, I've written a more comprehensive article, "What is SSL?"
You usually know you are visiting a site over an SSL connection when you see "https" and a green lock in your web browser's address bar. I'll show you what I mean with some screen shots from the website of our friend and customer, master artist David Cheifetz. We've already implemented SSL on his FASO website.
The screenshot below shows you what the browser address bar currently looks like on David's website. Notice the comforting green lock and the green word 'https.' Those visuals tell the website's visitors, "this site is safe and secure, you can feel safe buying art from me!":
David Cheifetz's Website WITH SSL:
And the screenshot below shows you what his website looks like WITHOUT SSL.
David Cheifetz's Website WITHOUT SSL:
You might think that's not so bad, it's just kind of neutral. While the address bar without SSL doesn't show anything green to re-assure the visitor that the site is safe, it also doesn't show anything red or scary. And that's why, in the past, I didn't feel it was that important for most artists to implement SSL.
But, browsers are starting to change how the report non-SSL sites in the address bar. In fact, just this week, the latest version of Chrome changed the icon it shows on sites that do not have SSL. Here is David's site after the latest update to Chrome:
The little page icon was replaced with a bolder circle with an "i" in the middle. It demands greater attention than the previous icon. In addition, if you click the icon look at the message you will see in the screenshot below:
It reads "Your connection to this site is not private." Unfortunately, this is not a message that instills confidence in the visitor that this is a site that is safe.
However, a much bigger change is coming.
Google, the company that makes the most used web browser, Chrome, has slowly been moving toward having Chrome display a big red scary "X" on regular non-SSL sites. The little information icon we discussed above was just the first step. This red "X" will clearly tell the site visitor "this website is not safe". And you certainly don't want your site visitors thinking of your art website as "not safe!" [3] The other popular browsers have also announced their intention to implement similar warnings.
In fact, you can enable the future today in chrome by changing one option in Chrome's settings. [4] I went ahead and made that change so I could show you what David's website (and yours) will look like over a non-SSL connection in the near future:
Here's what David's site looks like in the future WITHOUT SSL: (Notice the red "X")
Yikes! We sure don't want art buyers seeing that.
In addition to the browser issue, Google announced in 2014 that sites that are SSL-Enabled will receive a ranking boost in Google search. This means that enabling SSL on your website may help your site rank better on Google.
So let's summarize the benefits of SSL:
1. Your site will be more trusted by visitors due to the presence of the comforting green lock. This means they will feel more secure in purchasing.
2. Your site will possibly rank better on Google.
3. Your visitors privacy will be maintained as bad guys will not be able to intercept information they send your site.
4. Your website will be protected from bad guys modifying your site's html (some unscrupulous public wifi providers do this to inject malware or ads into a website)
With these benefits in mind, combined with the fact that servers are more powerful now (meaning it's easier for us, as a host to handle the computing cost of SSL), and the fact that SSL certificates are becoming less expensive to obtain, we, at FASO have decided that now is the time for us to implement SSL for our customers. In short, at FASO, we are going to include a Free Custom SSL certificate with all domains registered through us.
We suggest you talk to your web host and inquire as to how you can add SSL to your website soon.
Sincerely,
Clint Watson
FASO Founder, Software Craftsman, Art Fanatic
PS - If you are a FASO customer and are interested in implementing SSL on your website, you will be receiving an email from us soon with instructions on how to enable SSL on your FASO website.
FOOTNOTES:
[1] While I didn't think SSL was needed for artist websites in the past, the exception was, of course, shopping cart pages, and any logged-in user areas. The FASO account area and shopping cart our artist websites use have ALWAYS been SSL enabled.
[2] In the past it wasn't feasible to provide an SSL certificate for each artist website for two reasons. First of all, providing SSL used to require a dedicated IP address for each website. There are not enough IPv4 addresses to support this model. Fortunately, modern browsers and operating systems have a new one to do SSL called Server Name Indication (SNI) which solved the IP address problem. The second reason was that SSL certificates used to require expensive yearly fees and were fairly cumbersome to obtain. These costs were not feasible for us, as a web host, to absorb. There are a few alternatives now to obtain SSL certificates for very low cost to free. While we still must deal with the authorization process and incur additional infrastructure and support costs, we feel we can now provide SSL.
[3] You can find details about the coming change in the Chrome web browser in this article. And you can see Google original plan to implement the red "X" browser warning here.
[4] If you want to implement the red "X" http warnings in Chrome now, visit chrome://flags, scroll down to "Mark non-secure origins as non-secure", choose "Mark non-secure origins as non-secure" from the drop down, save your changes."