Browse by category

Blog archive

2020March 2020 (3)February 2020 (1)2019December 2019 (2)October 2019 (2)September 2019 (2)July 2019 (3)June 2019 (2)May 2019 (1)April 2019 (2)March 2019 (1)February 2019 (2)January 2019 (2)2018December 2018 (2)November 2018 (1)October 2018 (2)September 2018 (1)August 2018 (2)July 2018 (1)June 2018 (1)May 2018 (1)April 2018 (1)March 2018 (2)February 2018 (2)January 2018 (4)2017December 2017 (6)November 2017 (4)October 2017 (5)September 2017 (3)August 2017 (3)July 2017 (3)June 2017 (1)May 2017 (2)April 2017 (1)March 2017 (1)February 2017 (2)January 2017 (2)2016December 2016 (2)November 2016 (1)October 2016 (1)September 2016 (1)August 2016 (1)July 2016 (1)2015December 2015 (1)January 2015 (1)2013December 2013 (1)2012November 2012 (1)

Running your website over a secure connection (HTTPS) is fast becoming the norm. 

What is HTTPS?

When you complete a form on the web, the information you send is routed through dozens or even hundreds of computers between you and the website you're sending it to. 

If the website's address starts with HTTP:// then all the information that you send to that site is unencrypted, and could potentially be read by any one of those computers en route.

Because of this, the web is moving more and more towards using HTTPS://  where the S means it's secure. You'll often see a little padlock icon next to it. 

This means that all the data you send to the website, and everything they send back to you, is encrypted. None of the computers in between can read your information.

Google want you to use HTTPS

Google have been pushing this as the new standard for a few years now, but starting in January 2017 they're getting really serious about it.

As you can see in this blog post from the Google Security Blog, they're going to start showing "Not secure" text next to websites that have password or credit card fields:

Eventually, Google will extend this to any website that runs over HTTP, and this text will be in red with a warning triangle next to it:


September 2017 update:

We're now receiving warnings about any details that your users send to you over a non-secure connection:


What are my options?

To make your website run over HTTPS, we have to buy and install a document called an SSL certificate.

It's a digital set of keys that allows your website to communicate with your visitors securely. We offer two kinds of SSL certificate.

Organisation validation

This is a high-quality certificate, which involves a series of steps to verify your company identity. It can take a couple of days to validate, and will need bank statements and utility bills to obtain. The result is a very trustworthy certificate that gives a good impression to your site visitors.

We recommend this kind of certificate to large organisations and public sector bodies.

We charge £120 +VAT per year for this service because of the work involved. 

Domain validation

This is a basic certificate, doesn't require any verification and is granted immediately based on the information on your domain name. It doesn't have the respectability of the certificate above but still ensures that all data transmitted to and from your website is encrypted.

We recommend this kind of certificate to smaller organisations and personal websites

We charge £50 +VAT per year for this service. 


At the end of the day it's your choice whether you want to secure your website by running it over HTTPS, but from January 2017 Google will start highlighting that your website is insecure. 

We strongly recommend buying a secure certificate of one kind of another, at the very least you should have a Domain Validation certificate. 

Please give us a call or send us an email if you want to discuss it.

Tagged under: Build a better website   Privacy   HTTPS   Google   Security