Google to mark all HTTP pages as “not secure”
How secure is your website? If you’re collecting sensitive customer information like passwords or credit card information, what are you doing to ensure and reassure customers it’s all safe?
If you haven’t already added a SSL certificate to your site, and haven’t yet made the switch to HTTPS, the secure version of HTTP, it might be time to step up.
Why? Apart from the obvious reason of making your site more safe and secure, you’ll also avoid having your site marked as “Not secure” for every potential customer to see.
Google has announced that from Chrome version 68 (Released in July 2018), the browser will label any site that isn’t using HTTPS as “Not secure”. (Previously, Chrome had shown this warning only for sites handling sensitive information such as personal details and contact forms).
Here’s an unsecured website example warning.
So you don’t have to worry about Google blocking HTTP websites, but this is still a less than ideal situation.
Considering the amount of hard work and effort it takes to attract prospects to your site, the last thing you want to do is drive them away the second they enter because of an unsecured website warning.
And you can bet your rivals are busy securing their websites: Google says that over 68% of Chrome traffic on both Android and Windows is now secured, rising to 78% for Chrome traffic on Chrome OS and Mac.
In this post we’ll explain why HTTPS has become vital to any businesses’ credibility and safety online, as well as how to get started making the switch from HTTP to HTTPS.
But before we get any further, what exactly are HTTPS and SSL?
HTTPS (Hyper Text Transfer Protocol Secure) is a secure version of HTTP. It’s most often used for ecommerce sites to make secure transactions. If you’ve visited your bank’s website and noticed a padlock icon in the top right corner, then you can rest easy knowing that the site is secure.
SSL stands for Secure Sockets Layer. It’s a protocol that provides secure connections for transmitting files. In simpler words, SSL isn’t used to encrypt a file but the connection.
So, if you have a domain like:
- https://www.example.com – You’ll know that it’s encrypted and secure since it uses HTTPS.
- http://www.example.com – You’ll know it’s unencrypted and non-secure as it’s HTTP.
Do HTTPS sites get an SEO boost over HTTP sites?
Some years ago, Google announced HTTPS as a lightweight ranking signal. This means they started showing preference for HTTPS in the search engine results page (SERPs). In other words, sites using SSL certificates are considered more secure, so they’re more trusted, which means they also deserve to get a small boost in the rankings.
However, you shouldn’t expect switching to HTTPS to have a huge impact on your search engine rankings.
Who should make the switch to HTTPS?
If you own a simple business site, HTTPS can prevent intruders from being able to passively “listen in” on any communication between your site and your users.
Is SSL necessary for B2B websites?
The answer for most B2B websites, and most B2C websites is “yes, you will need an SSL”. If you:
- Have a contact form
- Accept payments (directly or via a third-party provider)
- Collect any other kind of personal information via your website
- Have a members/logged in area of your site
Then you need to protect that information, and an SSL allows you to do this.
Should I install SSL for a blog?
Again, for most blogs the answer is probably “yes, you will need an SSL”. Things such as contact forms and comment sections are prevalent on blogs and you need to ensure the any information transmitted via these methods is protected. To do so, your blog will need an SSL.
As you can see, there are lots of reasons of complying with the Google HTTPS requirement no matter what type of website you have.
On top of a small boost in search rankings, increased security and credibility online, you also get a pretty lock symbol that immediately tells visitors your site is safe and secure.
How to get started
If you’ve decided to switch from HTTP to HTTPS, here are the steps to follow:
Find out what type of SSL is suitable for your website. The SSL certificate you choose depends on the type of website you have. For example, if you’re a start-up business the Domain SSL would be the right solution for you. But if you have an online shop, we’d recommend the Extended SSL as this helps ensure that all data is protected and secure against online threats; plus, it adds the green bar to your site with extra company details to help increase trust.
What’s very important to know is that it’s not just your domain that needs to be covered and protected. If you also have subdomains like blog.yourname.com or deals.yourname.com, these need to be protected as well, which means you’ll need a SSL certificate like the 123 Reg Wildcard SSL that covers your domain as well as any subdomains you might have.
Check out the Which SSL Certificate do I need section on our SSL Certificates page for more information on the different types of SSLs provided by 123 Reg, and which one’s best for you.
Buy your SSL. Once you’ve decided on the right SSL for your site, purchase it. You will then receive a Certificate Signing Request (CSR) file.
Apply your SSL. This process might be a bit different depending on your chosen provider, but it basically involves getting your certificate approved. Here’s how to apply an SSL Certificate on 123 Reg.
If your provider asks you to submit a CSR, this is how you can generate it from your server, although most providers, 123 Reg included, will take care and generate this for you.
Next you will need to update your website to work with HTTPS URLs. This might involve some dev work so if you don’t have the skills, it’s best to find someone with the expertise needed to help you.
When making the move, make sure to protect your SEO as a big mistake can result in a drop in rankings, and you don’t want that.
To make things easier for you, check out this SEO HTTP to HTTPS migration checklist that outlines the steps you need to take to ensure everything goes smoothly.
Read this post to learn more about why your website is displaying a not secure warning.
What to expect when migrating to HTTPS
If you’re migrating to HTTPS hoping for a significant boost in rankings, think again. Since HTTPS is a small ranking factor, you won’t notice much of a change in rankings. It’s not unlikely for it to become a more important ranking factor in the future, considering Google’s constant push for a more secure web.
What you can expect is increased security for your site. This includes communication and data exchange and collection between you and your visitors. And anyone visiting your site will know that your site is safe and secure. This means that switching to HTTPS also comes with increased trust and credibility for your brand, which are now critical to a businesses’ success online.
If done correctly, you should see any fall in your website’s SEO rankings because of the switch. You can see John Mueller of Google confirm that here.
However, if you do experience falling rankings check out this guide from Moz to help you understand what could’ve gone wrong and how to fix it.
Here’s the thing: it’s not just Google that wants a more secure web. We all do. So if the search engine giant is encouraging “all website owners to switch from HTTP to HTTPS to keep everyone safe on the web,” what’s stopping you from making the move?
HTTPS may be a small signal for now, but if Google believes it’s needed to enhance users’ experience, expect it to eventually play a bigger role in the search algorithm.
Have you migrated your site from HTTP to HTTPS? Did you notice any changes? Tweet us your comments @123Reg.