You can read our full post below, but here’s the quick version for the time-challenged:
Changes being made by Google and web browsers in January 2017 make it almost certain that your church website needs an SSL certificate (green padlock) soon.
Longer version with more details:
You may not have noticed yet, but more and more of the web is moving toward having green padlocks in the browser address bar. You get that green padlock by installing an SSL certificate, which encrypts (makes private) the data sent back and forth between a website and a website visitor. Until recently, it was generally only websites that processed financial transactions that needed an SSL.
For at least the last year, Google and other major players have been encouraging everyone to put an SSL on their website, whether the site processes financial transactions or not. Part of the rationale is that even things like passwords users enter to login to accounts should be encrypted. Additionally, with increased concerns about privacy, users benefit from having their site visits encrypted – it’s very easy to “see” anything a site visitor does on an unencrypted site, while on an encrypted site, those monitoring the site visit (either maliciously or as a part of legal surveillance) can only see that a site visitor has spent time on your site, but not actually what pages they viewed or activity they engaged in on your site.
It has been announced in the last few weeks that two changes are coming very soon to more strongly encourage the move to SSL and encrypted websites. First, sometime in January, Chrome and other web browsers will start adding a “not secure” notification in the address bar of websites that do not have an SSL. Initially, this will only be on pages where passwords or credit cards are entered, but it will be coming soon to ALL unencrypted webpages. It will look like this – the top is what it looks like currently, the bottom is how it will begin appearing:
This “not secure” notification is likely to scare at least some visitors off your website, especially if you take donations on your website — even if you send your donors to PayPal to complete the transaction. But more broadly, the “not secure” notification is likely to make users leery of submitting any form on your website, whether or not money is involved — for instance even your “contact us” form. No one wants their email address or phone number, or even just their name to be accessed by hackers.
Additionally, beginning sometime in January, Google will begin to demote in search engine rankings websites that are not secured with an SSL. If you have a concern about appearing in search results with your site, you will want to install an SSL. If you are not a part of ACWP, the simplest way to get started is to contact your hosting company for help in getting an SSL installed.
Our normal fees for SSL’s on sites with financial transactions are $150 per year (certificate + installation labor). A portion of that certificate fee is insurance coverage that covers fraudulent financial transactions. IF your website does not process financial transactions on the site, we are able to offer under our ACWP hosting program a lower-cost SSL certificate that will encrypt your site, avoiding both the “not secure” notification and the lowered search engine rankings for $60 per year. This SSL would NOT include insurance for fraudulent financial transactions. If you use PayPal for donations or payments, your site would be eligible for this lower-cost SSL since with PayPal, users are taken to the PayPal site to complete their transaction.
When would you NOT want to add this non-financial SSL? If your church is small (averages less than 75 persons at worship), and you have no plans or hopes for growth or new members, you may decide to delay adding an SSL for now. Google has announced that there will be increasing pressure in the future to move toward SSL for all websites, but small churches not hoping for growth can put this off for a bit.
If your church wants to be able to process financial transactions on your website (not just donations, but any payments for events, etc.), you would want to install a full SSL with insurance against fraud.
If you have any questions about SSL’s, what will be happening with Google and browser warnings, or how ACWP might be able to help with your site, please don’t hesitate to be in touch.