SSL HTTPS
24.09.17
All Websites Will Need SSL for “Secure” Label in Chrome.

In October, Google will begin to label all HTTP pages as non-secure.

The issue of Internet security is one which is already of utmost importance to anyone involved in hosting, designing or using websites. As the next wave of web interaction unfurls, with developments such as the Internet of Things, and the wider economy moves inexorably toward being completely cashless, the question of security is likely to become ever more central. It is this direction of travel which Google is reflecting in its treatment of HTTP sites.

 

Example of the “Not secure” label

Example of the “Not secure” label. Source: Google

 

HTTP sites, as opposed to HTTPS sites, are those which don’t encrypt the information sent between the user and the server. If you’re not sure whether the site you’re using or running is secure in this manner, simply check the HTTP at the start of the address bar. Since launching Chrome, Google has been attempting to persuade more and more sites to shift to the security of HTTPS, and its latest version, launching in October, is going to take this process one step further. When that happens, it will display’Not secure’ in red, which is at the moment only used for broken HTTPS. It’s a development which is of utmost importance to anyone with a site which includes forms of any kind, from contact forms and search bars to log in panels.
[mds_tweet_this]Time to switch to HTTPS is now, before seriously damaging the rankings and reputation of your business.[/mds_tweet_this]

 

Since 2014, the presence of an SSL certificate, denoting the use of encryption, has been used by Google as a ranking signal, and their efforts to embed HTTPS everywhere in the web have recently shifted from encouragement of this kind to more punitive measures.

 

In January, Google started to label some pages in HTTP as non-secure with the release of Chrome 56.

When version 56 of Chrome was launched in January, Google began taking the step of marking those sites which asked for credit card details or passwords as being non-secure if they were HTTP only. The latest version, 62, which arrives in little more than a month, will take this process even further. From October onward, any HTTP sites which require users to input text will be labelled as non-secure when listed by Google. This is the clearest indication Google has given yet that it is moving toward a future in which it wishes to see all internet sites transmit information via encryption. Indeed, Emily Schechter of the Chrome Security Team was perfectly frank about this aim, stating that “Eventually, we plan to label all HTTP pages as non-secure, and change the HTTP security indicator to the red triangle that we use for broken HTTPS.”

 

Chrome 56 'Not secure' label for HTTP login

 Chrome 56 ‘Not secure’ label for HTTP login or payment pages. Source: Google

 

 

The message is clear – the time to switch to HTTPS is now, before the approach being adopted by Chrome has a chance to seriously damage the rankings and reputation of your website and, by association, your business as a whole. The good news is that switching to SSL is a relatively quick and simple process, and one which can be facilitated with ease and certainty by working with a company such as Omdesign.

 

 

Some businesses may be tempted to adopt the more sanguine view that users don’t necessarily take too much notice of non-secure warnings, and put off making the switch until it becomes an absolute necessity. This would be a huge mistake on two counts. The first is that it’s fairly safe to assume that all of your competitors are being encouraged to make the switch and, if they haven’t already done so, will be doing so in the immediate future. According to research carried out by Firefox Telemetry, almost 60% of page loads now take place over HTTPS, and as this figure continues to climb those businesses which don’t offer encryption are going to look increasingly out of place.

 

The second issue to bear in mind is the fact that Google is unlikely to stop at merely issuing warnings about HTTP sites. Over time, there is every likelihood that sites which involve text input but which aren’t HTTPS will find themselves actively blacklisted, as this is the logical extension of the push toward encryption which Google is mounting.

 

The benefits of SSL and the risks of not setting it up are now too clearly weighted for the switch to be put off any longer. If you have a site of your own or design sites and provide SEO services for other businesses then it’s vitally important to take action and spread the word.