Many internet users trust Google implicitly and assume they will deliver websites which are safe and secure. Google illustrate this by labelling the site as either secure or not secure, with a padlock icon next to the URL. Over the last few years the company have been changing their approach to how they distinguish between secure and unsecure websites, more specially when it comes to http and https.
Hypertext Transfer Protocol or HTTP is a way of facilitating communication between systems- for example between a browser and server. Although this protocol has been utilised by the majority of websites, it does have one massive flaw and that is security. HTTP data is not encrypted which means it is incredibly vulnerable to hackers and possible theft of data. HTTPS or Hypertext Transfer Protocol Secure attempts to fix this problem though the use of Secure Sockets Layer (SSL) certificates. This SSL certificate encrypts the data when it’s moving between the browser and server- securing it against theft or loss.
Google is trying to encourage site owners to make the jump from HTTP to HTTPS but obviously this is a big undertaking and their plan is very much a long term one, with numerous smaller steps involved. At the beginning of 2017, Google started the process specifically with website that collects sensitive data such as passwords or credit card information- marking them as unsecure on Google Chrome if they didn’t have a HTTPS connection. Obviously a “not secure” label on a website can have a negative effect on a company’s reputation and many websites have moved from HTTP to HTTPS as a result.
October of 2017 brought another change in policy with Google warning that any website that used a HTTP connection and allowed for any inputting of data would be labelled as not secure- even if it’s only a search box. Furthermore, it was also at this point that Google labelled all HTTP pages as not secure when people were browsing using their incognito mode on Chrome. The idea behind this being that users expect a certain level of privacy on Incognito and this would place further pressure on HTTP websites to make the change.
The next big move from Google isn’t far off- July 2018 will see the release of Chrome 68 and it is at that point that Google will being marking all HTTP websites as not secure. As this is quite a bold move, it’s expected that many of the remaining sites that haven’t migrated to HTTPS will do so before or at this point in order to avoid the dreaded not secure label.
Considering these changes are coming very soon, any websites that haven’t made the switch to HTTPS should really look in to implementing the change. Not only will you avoid having an “unsafe” website, it has also been shown that Google rewards HTTPS websites in their search ranking- with a modest boost.
There are clearly some issues which are dissuading site owners from migration- most notably cost and the perceived complexity of the process. The actual process itself isn’t as complex as it may seem, it’s basically buying and installing an SSL certificate. Even more surprising is that the cost isn’t substantial- you can get an SSL certificate for a small yearly subscription. In fact, you can even get a free certificate from Let’s Encrypt. Fortunately, there are a plethora of detailed guides online which outline each step of the process, including purchasing, installing and verifying your certificate.
It’s also worth noting that migrating from HTTP to HTTPS will technically appear as an URL change so you will have to make sure to update all hard-coded links but there are tools out there that can help. Furthermore, this URL change can also temporarily affect your website traffic but this will normalise within time.
Any websites that don’t migrate to HTTPS before the July deadline will risk a not secure label and a potential loss in visitors and maybe even revenue. It has never been a better time to make this change.