Effective July 2018, Google’s Chrome browser will visibly mark websites without SSL Encryption (HTTPS) as ‘not secure’
If you haven’t been keeping up with the latest in Google Land, we don’t blame you. There’s a lot to keep up with! But one thing is for sure, you better not miss this important update. Doing so might mean saying bye-bye to your first-page ranking, and turning away customers who aren’t particularly fond of taking risks. Think we’re exaggerating?
So just what is it that we’re talking about?
Secure Socket Layer otherwise known as SSL for short.
If you’ve been around the internet for a while, you may have noticed some websites show that cute little green padlock to the left of the URL. Ring a bell? (Incognito it is white)
Well, that little padlock is more than just a cute icon. The padlock, and the “https” that follows, are a sign to visitors that the website is secure with a valid SSL certificate.
Now, you might be thinking, “well, customers already trust my site, so it doesn’t matter, right?” Wrong. That padlock is not about trust, it’s actually about protecting sensitive data that’s sent and stored on a website. Symantec describes SSL’s role as this:
it’s the standard technology for keeping an internet connection secure and safeguarding any sensitive data that is being sent between two systems, preventing criminals from reading and modifying any information transferred, including potential personal details.
What Google’s browser update means for your website
Since 2014, Google has been rewarding websites that implemented SSL encryption by providing them with a small boost in search ranking. While that’s all fine and dandy for those “early-adopters”, the rest of the internet didn’t suffer much. Until now. Effective July, 2018, Google will, in essence, be penalizing websites who don’t adopt this web-security standard.
Instead of just not seeing that little green padlock, visitors will begin seeing a “Not secure” message next to your URL.
So why is Google doing this so suddenly? Actually, it’s not so sudden. If you’re reading this article, you’re unfortunately just late to the game. According to a blog post by Google, significant progress is being made to provide a safer internet for all, and is the direction things have been going for a while:
Over 68% of Chrome traffic on both Android and Windows is now protected
Over 78% of Chrome traffic on both Chrome OS and Mac is now protected
81 of the top 100 sites on the web use HTTPS by default
And what’s more, if you still haven’t made the switch by October 2018, you can expect things to get worse. Google will take this all one step further, marking that gentle “Not secure” warning next to your site URL with red text and a red warning flag. Consider yourself warned.
Now…for the good news
You can easily pick up an SSL Certificate and set it up on your site in no time! And if you just need it for one website, it’s relatively inexpensive (pricing varies for multiple websites, or custom certificates).
Not sure where to start? If you haven’t yet created your site, we recommend getting started with our preferred hosting provider Bluehost. Their team is responsive, their prices are affordable, and they make it stupid simple to start building a WordPress website. The best part, Bluehost now provides free SSL certificates for all assigned and parked domain names!
Already have a website? If you’re open to it, we still recommend you make the switch to Bluehost. However, we know sometimes this isn’t possible. In that case, we recommend you purchase an SSL certificate from one of the following sites and install it on your server:
Comodo – Comodo, global leaders in the SSL market, delivers technology that can be trusted to authenticate, validate and secure “information,” and to combat constant malware threats and cyber attacks. Comodo issues all kinds of highly secure SSL certificates and works with a mission to create trust online.
Digicert – DigiCert is the world’s premier provider of high-assurance digital certificates—providing trusted SSL, private and managed PKI deployments, and device certificates for the emerging IoT market. Since our founding almost fifteen years ago, we’ve been driven by the idea of finding a better way.
Symantec – What’s in a Symantec SSL/TLS certificate? Enterprise-class strength. 100% root ubiquity in today’s browsers. And industry-recognized support from the most established Certificate Authority in the world, formerly from VeriSign.
And if you’re using WordPress, we have even better news! Cloudflare offers 100% free SSL Certificates for WordPress users. To claim your free SSL certificate, just follow these instructions on Cloudflare’s website.
Migrating an existing site to HTTPS
Whether your migrating an existing site, or setting up a new site, the actual process of buying a certificate and getting it on your server will be pretty easy. However, the hard work comes in making sure your existing site information gets served up correctly with the proper levels of security applied. Patrick Stox over at SearchEngineLand wrote a great article on how to go about securing an existing website. We highly recommend you check that out before you start.
Prefer a hands-off approach to getting your site switched to HTTPS? Give us a shout and let us know you’d like a hand. We’d love to help.