Chrome to mark HTTP pages as not secure, and what this means for your small business
How secure is your website? If you’re collecting sensitive customer information like passwords or credit card information, what are you doing to ensure and reassure customers it’s all safe?
If you haven’t already added a SSL certificate to your site, and haven’t yet made the switch to HTTPS, the secure version of HTTP, it might be time to step up.
Why? Apart from the obvious reason of making your site more safe and secure, you’ll also avoid having your site marked as “Not secure” for every potential customer to see.
In case you haven’t heard, beginning January 2017, Google Chrome 56 will start showing a warning for unencrypted sites that collect sensitive information like passwords or credit card information, and labelling them as “Not secure”.
So if your site is not secure by January, your visitors will see a warning that looks similar to this one:
Considering the amount of hard work and effort it takes to attract prospects to your site, the last thing you want to do is drive them away the second they enter your site because of a warning telling them your site isn’t secure.
In this post we’ll explain why HTTPS has become vital to any businesses’ credibility and safety online, as well as how to get started making the switch from HTTP to HTTPS.
But before we get any further, what exactly are HTTPS and SSL?
HTTPS (Hyper Text Transfer Protocol Secure) is a secure version of HTTP. It’s most often used for ecommerce sites to make secure transactions. If you’ve visited your bank’s website and noticed a padlock icon in the top right corner, then you can rest easy knowing that the site is secure.
SSL stands for Secure Sockets Layer. It’s a protocol that provides secure connections for transmitting files. In simpler words, SSL isn’t used to encrypt a file but the connection.
So, if you have a domain like:
- https://www.example.com – You’ll know that it’s encrypted and secure since it uses HTTPS.
- http://www.example.com – You’ll know it’s unencrypted and non-secure as it’s HTTP.
Google and HTTPS
Two years ago, Google announced HTTPS as a lightweight ranking signal. This means they started showing preference for HTTPS in the search engine results page (SERPs). In other words, sites using SSL certificates are considered more secure and as such deserve to get a small boost in the rankings.
At that time, HTTPS was a minor ranking factor. It still is, even now. But since Google takes security on the web very seriously, it’s likely for HTTPS to become a lot more important in the future.
Just look at the results of Google’s efforts:
More than half of pages loaded and two-thirds of total time spent by Chrome desktop users occur via HTTPS. While HTTPS is less popular on mobile devices, it’s starting to catch on.
You can find more stats and useful information about HTTPS usage around the world in Google’s Transparency Report.
Who should make the switch to HTTPS?
If you own a simple business site, HTTPS can prevent intruders from being able to passively “listen in” on any communication between your site and your users.
If you have an online shop or a site where users leave sensitive data like name, address, passwords or credit card information, then HTTPS is a must to ensure safe transactions and data protection.
As you can see, there are lots of advantages to making the switch to HTTPS (and lots more here) no matter what type of website you have.
On top of a small boost in search rankings, increased security and credibility online, you also get a pretty lock symbol that immediately tells visitors your site is safe and secure.
How to get started
If you’ve decided to switch from HTTP to HTTPS, here are the steps to follow:
Find out what type of SSL is suitable for your website. The SSL certificate you choose depends on the type of website you have. For example, if you’re a start-up business the Domain SSL would be the right solution for you. But if you have an online shop, we’d recommend the Extended SSL as this helps ensure that all data is protected and secure against online threats; plus, it adds the green bar to your site with extra company details to help increase trust.
What’s very important to know is that it’s not just your domain that needs to be covered and protected. If you also have subdomains like blog.yourname.com or deals.yourname.com, these need to be protected as well, which means you’ll need a SSL certificate like the 123 Reg Wildcard SSL that covers your domain as well as any subdomains you might have.
Check out the Which SSL Certificate do I need section on our SSL Certificates page for more information on the different types of SSLs provided by 123 Reg, and which one’s best for you.
Buy your SSL. Once you’ve decided on the right SSL for your site, purchase it. You will then receive a Certificate Signing Request (CSR) file.
Apply your SSL. This process might be a bit different depending on your chosen provider, but it basically involves getting your certificate approved. Here’s how to apply an SSL Certificate on 123 Reg.
If your provider asks you to submit a CSR, this is how you can generate it from your server, although most providers, 123 Reg included, will take care and generate this for you.
Next you will need to update your website to work with HTTPS URLs. This might involve some dev work so if you don’t have the skills, it’s best to find someone with the expertise needed to help you.
When making the move, make sure to protect your SEO as a big mistake can result in a drop in rankings, and you don’t want that.
To make things easier for you, check out this SEO HTTP to HTTPS migration checklist that outlines the steps you need to take to ensure everything goes smoothly.
What to expect?
If you’re migrating to HTTPS hoping for a significant boost in rankings, think again. Since HTTPS is a small ranking factor, you won’t notice much of a change in rankings. It’s not unlikely for it to become a more important ranking factor in the future, considering Google’s constant push for a more secure web.
What you can expect is increased security for your site. This includes communication and data exchange and collection between you and your visitors. And anyone visiting your site will know that your site is safe and secure. This means that switching to HTTPS also comes with increased trust and credibility for your brand, which are now critical to a businesses’ success online.
With HTTPS you also get access to better referral data in your Google Analytics. Let’s explain: Google is HTTPS. So if your website is HTTP, a click from Google (like the search result pages) to your site will result in loss of referral data as secure connections don’t pass this to insecure connections. This means that your organic traffic could be reported as direct due to the loss of the referral data. This also happens from other websites when the HTTPS to HTTP condition is met.
Now, after migrating your site to HTTPS you might notice some small fluctuations in ranking. Don’t panic; it’s normal for this to happen while Google recrawls and reindexes your site. If the fluctuations persist or your ranks just keep on falling, check out this guide from Moz to help you understand what could’ve gone wrong and how to fix it.
Here’s the thing: it’s not just Google that wants a more secure web. We all do. So if the search engine giant is encouraging “all website owners to switch from HTTP to HTTPS to keep everyone safe on the web,” what’s stopping you from making the move?
HTTPS may be a small signal for now, but if Google believes it’s needed to enhance users’ experience, expect it to eventually play a bigger role in the search algorithm.
Have you migrated your site from HTTP to HTTPS? Did you notice any changes? Tweet us your comments @123Reg.