Is My Website Secure? Non-HTTPS Pages Labeled “Not Secure” by Google
Beginning at the end of January, Google Chrome’s newest version 56 is released. With the recent wave of concerns over cyber security, there are big changes in the way that Google will be treating website that are not using HTTPS – also know as Secure Socket Layer encryption (SSL)
Although the timeline for these effects are unclear, here’s what you need to know:
Non HTTPS Pages Labeled “Not Secure” by Google
- What is SSL?
- Why does HTTPS matter to Google?
- If your site isn’t using SSL, your users may have big concerns with Google’s warning
- Seach engine rankings will likely be affected by Google’s perception of security on your site
- How do you get on board with SSL?
So here’s the deal. Your website needs to be running SSL encryption. It used to be that only ecommerce websites or sites handling the exchange of sensitive information bothered to set up SSL. This has changed big time…and it’s reshuffling the deck to some degree in Search Engine Optimization.
Secure Socket Layer encryption basically protects information as it’s passed around the web. When you visit Amazon.com and buy a birthday gift, you’re giving away some pretty important info: credit card numbers, contact information, addresses, and some other preferences.
SSL is a nifty system that sets up a unique 1-time connection between your computer and Amazon (think of a digital pipe) while you’re on these web pages. This connection is made up of a bunch of code to keep hackers from tapping the wires and intercepting the messages.
When you’ve completed your purchase, the pipe evaporates without a trace. This keeps the bad guys from stealing credit card info.
HTTPS replaces the HTTP designation at the front of a website URL when the page is SSL protected. It’s just a label…the extra “S” stands for SSL.
Google’s job is to reward the best websites and downgrade the risky or less beneficial website. It is their position that online security is a bigger factor in judging a website’s reliability than ever. Google is now encouraging websites to get rid of the plain old HTTP in favor or HTTPS. Over time, Google Chrome is going to perceive any website without the HTTPS designation as being “Not Secure”.
3. What will my website visitors see?
It’s a phased rollout…and it’s already happening. Initially, they’ll add a “Not Secure” label to password pages, credit card pages, or any pages viewed in “Incognito Mode“. It’ll look something like this:
In phase 2, Google with turn up the heat and will lable every page with the plain HTTP label like this:
This may confuse and even deter your visitors because they might think that your site has been hacked or somehow compromised. They likely won’t consider that it’s just a precautionary measure from Google.
4. Will search engine rankings be affected?
One can only assume. Nobody really knows what’s in Google’s ranking algorithm, but if we think about it logically, Google is in the business of helping web users.
They obviously consider less secure websites inferior to those more secure sites with the HTTPS designation. It is our stong opinion that search results and rankings will somehow account for this ideology.
With two otherwise equal websites, it stands to reason that Google would prefer the more secure site over the less secure site when it comes to page ranking.
We suggest moving over to HTTPS regardless.
If you need a little SEO refresher, here’s a recent article to help you with Search Engine Optimization Basics…or check out our ebook.
5. How do I get the HTTPS designation?
Well, you need SSL encryption. It’s not that difficult and your hosting provider should be able to take care of this for you pretty easily. Most will do it for free, and others have some pretty simple documentation to do it yourself. If you’re not an expert, be careful…you want to get this right.
Here’s Google’s technical description for implementing SSL on your website. If you’re already set up with SSL (your URL already has HTTPS), then congrats and you’re good to go!
Last thought…an ounce of prevention is worth a pound of cure
Get on this ASAP. Online security for your visitors, and your search engine rankings are far too valuable to leave to chance. Your users are going to be surprised to see that your site isn’t considered secure…and it will probably cost you business.
If you’re thinking of a new website, make sure your developer knows what they’re doing and you get set up with SSL encryption from the beginning.
It’s an easy fix and likely comes at little to no cost. Send me a message or comment below if you’d like some assistance.