As you may have heard, Google is increasingly pushing all websites to move to a more secure structure. This is to keep your personal browsing information and history safe.
In January 2017, Google updated Chrome so that all Chrome users would see a “Not Secure” warning whenever browsing a website that included password or credit card information fields.
Now, Chrome (version 62) has expanded the warning to include:
- when users enter data on an HTTP (non-secure) page
- on all HTTP pages visited in Incognito mode
Eventually, Google’s Chrome browser will show that Not Secure warning to all HTTP pages regardless of incognito mode. Like this:
That’s just one of the reasons why this is an important consideration for any website and online business owner. We’ll walk through what the various terms mean, what the ramifications are for switching or not, and what that might entail.
What Do All These Terms Mean?
Here are the common terms and phrases that you’ll see used throughout this article and other resources:
HTTP – Stands for “HyperText Transfer Protocol.” It’s the foundation of data communication for the World Wide Web.
HTTPS – Stands for “HyperText Transfer Protocol Secure.” It’s simply the secure version of HTTP.
SSL – Stands for “Secure Sockets Layer.” It’s the standard security technology for establishing an encrypted link between a web server and a browser.
Specifically, SSL is a certificate installed as part of your web host. It makes your site secure. It ensures that all data passed between your site’s server and a user’s browser is encrypted and protected.
When browsing a secure website, you’ll see a SECURE label to the left of the site address in your browser. You can click on that label and view information about the site’s certificate, as well as confirm that any information you may send to that site remains private.
What Exactly Is Google Requiring?
While Google eventually wants all websites to install an SSL Certificate and use HTTPS, the current focus is on any site where information is actively collected from a user.
We’re not talking about aggregate visitor information, such as page views or bounce rate, but rather form fields that you might fill in with information. Such as:
- Credit Card details
- Street Address
- Phone Number
- Mother’s Maiden Name
And so on.
If your website has any form fields of any kind, as of Chrome version 62, visitors will see a label that your site is not secure if it isn’t using HTTPS.
Here’s a segment from the Google Chrome Dev Summit 2016 talking about the need for HTTPS:
Should Online Businesses Be Worried?
You might be tempted to think that this isn’t a big deal. Who really looks at that label area in the browser anyways, right?
Let me persuade you otherwise..
While you might be right today, over time, more and more Chrome users will be conditioned to think about the security of their data and will be paying attention to whether or not a site is secure.
Eventually, we’ll all come to expect that sites we visit are marked ‘green.’ Which means that your site, if it’s not secure, could begin to have a negative impression on visitors.
What’s more, Google has said since 2014 that the security status of a site is a strong ranking signal. That means, all things being equal, that a site using HTTPS will outrank a site still on HTTP.
And it’s been shown that websites running the HTTPS protocol actually load faster than sites on HTTP!
Combine a negative impression on potential site visitors, a poor Google ranking signal, and a slower performing site, and you have a recipe for search engine disaster.
That’s definitely something to worry about!
What Should Website Owners Do?
Unfortunately, switching to HTTPS may take a bit of work, and it’s not without risks.
SSL certificates can be acquired inexpensively, even free in some cases, and installed relatively quickly with the assistance of your web host. But it’s likely you’ll have more tasks to work through, depending on your website.
First, understand that your website’s URL will now be https:// instead of http://, and that is considered a completely different site. While web traffic (anyone who clicks on a link elsewhere) will go to the https:// version of your site if 301 redirects are used, this change has a number of ramifications.
Images that you have embedded throughout your site, for example, may need to be updated. If the image code used the full http:// URL for the image file, you will need to update that code to use https:// instead.
Similarly, any scripts or CSS files that your site might use must be updated.
If you do not update, that your website may contain non-secure resources. Why? Because it sees that the site uses HTTPS but some of the images or scripts are called using HTTP URLs.
Second, since HTTPS is a different URL, some of the social networks you’re displaying social proof (share counts) from may be affected.
If you’ve had a lot of success with some of your content on social media, losing that visible proof of success may be troubling. Individual network support for HTTP vs. HTTPS, as well as whether they display share counts at all, is changing rapidly. So you’ll want to look up whether your preferred networks will be affected at the time as you consider switching.
Third, and perhaps most importantly, backlinks to your site from other websites may be lost.
If they linked to your domain name, like www.sitesell.com, it will be fine. But if they linked to the full URL of https://www.sitesell.com, that’s a problem. Even though it’s Google that is forcing encouraging the change, they have not integrated this basic knowledge into their search engine.
Since only the owner of a domain name can install an SSL certificate for that domain name, there’s no reason why HTTP and HTTPS links should be treated differently. But they are.
Which means you may be looking at a significant loss of backlinks when transitioning to HTTPS, and that may impact your search rankings and traffic.
Of course, if you don’t switch to HTTPS, you’re very likely facing a loss of ranking and traffic, so it’s really a question of how soon do you want to bite the bullet and get it done.
All in all, if you’re expecting to get a significant amount of search traffic in the next few years, you should plan on switching to HTTPS.Neil Patel
Solo Build It! Has Members’ Backs
Fortunately, if you’re a member of the Solo Build It! community of solopreneurs, SiteSell has you covered.
When Google announced this move toward 100% HTTPS usage, Solo Build It! developers began working on a solution for our members — one that would make it as easy as possible for them to secure their sites, while mitigating as much risk as possible.
In September, we released a Site Check tool that allowed members to quickly run a report that identified any potential issues or tasks they should be aware of prior to converting to HTTPS.
For instance, if you had embedded an image using the full http:// URL, the report would let you know that.
Then, after extensive testing, the ability to enable HTTPS was provided to all members! With a click of a button, each member’s site has a free SSL certificate installed and configured, including automatic 301 redirects of all existing HTTP URLs to HTTPS versions for optimum search engine compatibility. (New SBI! members automatically have HTTPS enabled when they register their domain name.)
Additionally, Solo Build It! automatically addresses the following:
Your Site’s URLs
- Any URLs on your site that reference your own domain name are switched to HTTPS. This includes the RSS feed and XML sitemap.
- Google Custom Search
- Google Fonts
- Google Translate
- Google Maps
- Video URLs
- JQuery scripts loaded from many popular third-party sites like Google API
Sitesell Affiliate Program
- graphics.sitesell.com image URLs
- youtube.sitesell.com video URLs
- https://www.sitesell.com/images image URLs
Amazon Associates Program
- 40 domain names used for the Amazon Associates program (including .co.uk, .ca, .de, .fr)
Affiliate Programs / Advertising Networks
Subscriber / Mailing Lists
- Twitter Cards
- Add This
RSS Feed Tools
Additionally, numerous articles and forum posts were provided leading up to this change to help educate and advise members.
While other services may provide free SSL certificates and an easy way to “enable HTTPS,” none offer this level of service and ease of conversion!
If you haven’t already converted your site to HTTPS, now is the time to consider doing so. The longer you wait, the more likely your site will be negatively impacted.
Think through all the possible scenarios regarding traffic and income. Then base your conversion “go or no go” on what you determine is the best course of action right now. If you decide to wait until a particular time, take a moment to schedule a review in your calendar.
If your site is seasonal, and your big season is in the next 2-3 months, you may want to hold off on converting to HTTPS until that season ends. On the flip side, if you don’t convert, and there are order forms on your pages, those forms will be flagged as not being secure. So some of your visitors may be scared away from ordering from you.
Solo Build It! members, head over to the forums and Site Central to run the Site Check tool and begin preparing to convert your site.
If you’re hosting your site elsewhere, contact your web host for more information on how they’re supporting Google’s HTTPS requirement.
Want to learn more about everything else Solo Build It! does for our solopreneurs? Start here.