Your website may be marked "Not Secure" by Google

Google is releasing a new Chrome update next month that will most likely affect your website.

Basically, in the view of making the web a safer and more secure place, Google is strongly encouraging websites to use a thing called HTTPS.

If you’re not using HTTPS and someone visits your site using the Google Chrome browser they will get a lovely warning in their address bar say your site is “Not Secure”. If you are, they’ll see “Secure” along with a padlock icon.

Having your site marked “Not Secure” isn’t a particularly good look. When Google rolled out the first part of this update in January – only affecting sites with password or credit card fields – there was a 23% reduction in the fraction of navigations to HTTP pages that contained these fields.

Which makes sense. According to a European survey by GlobalSign, 77% of us are concerned about our data being intercepted or misused online.

While this only update only relates to the Chrome browser and there are a number of browsers your website visitors could be using, Google Chrome is easily the most popular internet browser with a usage share of somewhere between 46% and 60%. That’s a big percentage of your traffic!

So, what exactly is HTTPS and how do you “get it”?

Read on.

HTTP, HTTPS, and SSL

Firstly, some simple definitions:

HTTP

HTTP stands for HyperText Transfer Protocol and is the standard procedure for sharing information on the internet.

Look at your website address in your browser’s address bar, you’ll probably see HTTP beside it. For example: http://www.system7.co.nz.

HTTPS

HTTP works very well. However, since there’s no secret to how information is shared using it, it’s not very difficult for this information to be intercepted.

So, HTTPS (the “S” stands for Secure) was developed where the information is encrypted. In order to read it you need to know the “code”. Only the sender (your website) and the recipient (your visitor’s computer) know the code to decrypt the encryption.

SSL

A thing called an SSL Certificate is what is used to encrypt the data and share the necessary information with the recipient to decode the data.

We won’t go into any more detail that but you can check out a detailed explanation here.

Google Chrome Update Version 62 – October 2017

The new update follows version 56 in January and extends warnings to visitors of sites which are not using HTTPS and contain fields users can enter data into. This could be anything, including email subscription fields or contact forms.

For this update, the “Not Secure” badge will only show when the user types data into a field on an HTTP page, not all the time. However, if someone is viewing your site in Chrome’s Incognito mode, you’re out of luck and the badge will be visible the whole time.

This is just the beginning. Ultimately, Google wants all websites to be using HTTPS:

“Eventually, we plan to label all HTTP pages as nonsecure, and change the HTTP security indicator to the red triangle that we use for broken HTTPS.”

- Emily Schechter, Chrome Security Team

That’s a pretty good reason to switch your site to HTTPS.

Other reasons to switch to HTTPS

Other than displaying an off-putting “Not Secure” badge to visitors of your website in certain circumstances, why else should you care?

More accurate analytics data

Open up Google Analytics and have look at where the traffic to your site is coming from. A significant proportion will be labelled “Direct Traffic”.

Some of this is made up of people directly typing your website domain into their browser’s address bar.

The rest is what is known as “dark” web traffic. Simply, if your analytics program can’t work out where the traffic came from, it throws it into the “Direct Traffic” bucket.

One of the ways this can happen? When your HTTP site is sent traffic from an HTTPS site.

Once you've migrated your site to HTTPS you won’t lose this referral data anymore and will have more accurate analytics.

It helps with SEO

Way back in 2014, Google signalled its intentions to encourage the adoption of HTTPS. This was coupled with adding HTTPS as a ranking signal in Google Search results.

It’s a small boost but every little bit helps!

Speed

HTTPS sites actually load faster than HTTP sites.

Security!

Rather an obvious one. HTTPS provides three key layers of protect to data that is being sent on your website:

Encryption: Data being exchanged on your website is encrypted so your visitors can’t be eavesdropped on, their activities tracked, or their information stolen.
Data integrity: Data being transferred cannot be modified or corrupted without being detected. This could be intentional or not.
Authentication: Builds trust with your users – which is definitely a good thing!

How do I upgrade my website to HTTPS?

The good news is that it shouldn’t be too expensive to switch your website to HTTPS.

SSL Certificates are not costly and then it is just your web developer’s time install the certificate and make the necessary changes so your site runs perfectly.

Talk to your web developer

Your first step is to talk to your web developer and they will let you know which SSL Certificate is right for your website (yes, there is more than one) and what needs to be done to your site.

The process can be a little involved with larger sites because part of the process is updating all your links so that any traffic coming in from http:// (your old links) redirects to https:// (your new links).

A good web developer will map these all out correctly and have your HTTPS website up and running with no issues or broken links.

Conclusion

There really isn’t a good reason to not switch your site to HTTPS. And with Google’s latest Chrome update potentially affecting how your visitors view your website, now is the time to do it.

If you’re still feeling confused about HTTP, HTTPS, and SSL – give us a call.