UPDATE:
At the end of July 2018, Chrome 68 became available for download. The most noticeable new feature in the Google update is the “Not secure” message in front of any non-secure site URL.
Chrome makes it obvious for users to recognize these non-secure sites today. Previously, an informational “i” con would appear next to a URL and users would have to hover over this in order to discover the page they were browsing wasn’t a secure site.
If you’re a non-secure site owner, the update is a big deal. Even if users don’t enter private information on your site, seeing a “not secure” message will likely increase your website’s bounce rates and affect traffic, conversions and other site engagement metrics.
ANNOUNCEMENT: Starting in July 2018, Google, along with several other browsers, will begin warning all users against accessing your website…
…unless you have an HTTPS connection.
I’m sure that you have lots of questions:
What is HTTPS?
Why does Google want everyone to have it?
And most importantly, what do I have to do to avoid these new regulations from impacting my business?
For starters let’s imagine that the homepage of your website is like the front entrance to your business, and starting in July, Google, Firefox, Internet Explorer and several other popular browsers will be standing outside that front door with a big red sign that says:
“Don’t go here. You won’t be safe!”
And they won’t be lying.
Take a look in your browser’s URL bar. You should notice a green padlock in the left hand corner. If you’re using Google or Firefox, you’ll also notice the word “Secure“beside the padlock.
This is Google’s way of letting users know that the owners of this website has taken measures to protect its visitors.
If this weren’t a secure connection this is what you would see.
Many users have already learned to look for the green “Secure” notification to protect themselves while browsing the web. Most browsers are adamant about informing their users about the risks posed to them by utilizing unsecured web pages, apps, and tools. When you click on the gray information icon the first red sign appears warning all users not to enter any personal information on your site.
This can seriously impact your marketing efforts as cautious users will be wary of entering their contact information into lead generating newsletter subscription forms.
Currently, this warning only appears if a user is curious enough to click on the information icon in the left hand corner, but that’s only for web pages that don’t take payments or ask for passwords.
This is what you would see on any page that asks a user to input sensitive information:
Big. Red. Sign.
Starting in July, the subtle gray information icon will also turn red and be followed by the words “Not Secured.” Nobody wants that.
Google takes things even further. In addition to warning people against accessing sites without proper security, Google also ranks sites according to their security. While your SEO efforts shouldn’t hinge on your level of security, it is a factor that can influence where you appear in users’ search results. In most cases, security level acts as a tiebreaker between otherwise equally-ranked sites. If your site ranks 3rd or 4th in Google’s search results for certain queries, you can find yourself boosted to the top of the list or pushed to the bottom depending on your site’s security. Once you’ve done all that you can to increase your site’s visibility, adding adequate security will not only protect your users, but it could also increase the amount of users visiting your site.
Let’s dive in and get an understanding of what your browser considers secured and unsecured.
HTTPS, or hypertext transfer protocol secure, is the secured version of the usual (HTTP) protocol that all data on the web is transferred across. A regular HTTP page is in “plain text” and can be read by anyone—malignant or otherwise—that manages to hack into the connection between the browser and your users. This poses a serious security risk for both you and the users that visit your web pages.
Without a secured connection, things like passwords, credit card numbers, and other sensitive information on your website are accessible to anyone with the right skills and knowledge.
How do you protect your users? By getting an SSL or TLS certificate.
HTTPS pages use SSL (Secure Socket Layers) or TLS (Transport Layer Security) protocols to encrypt the information sent between the web page and the user.
SSL and TLS are small data files that work by using what is known as an asymmetric PKI or Public Key Infrastructure.
Yes I know, those are a lot of acronyms to remember. It will all make sense soon.
The PKI system uses two keys: one public and one private. The public key is used to encrypt the communications between your website. The only way to decrypt it is by using the private key. The private key remains safely hidden on the web server away from prying eyes while the public key is used by anyone who enters information into your website.
With an SSL or TLS certificate in place, all communications between the user and your web page are encrypted, so even if someone were to hack into the page, they wouldn’t be able to decipher any of the information.
So where can you get an SSL or TLS certificate?
Certificates need to be issued by a trusted Certificate Authority. All browsers maintain a list of trusted CA certificates.You can start by contacting your hosting company. Most web hosts offer certificates for discounted prices to their users, though you may have to contact your developer to have it installed on the server.