Imminent Web Security Changes that Could Affect You
Back in 2014 Google suggested that all sites should move to HTTPS and that HTTPS would become a ranking signal, implying that secure sites would rank better, get more traffic and live happier and longer. Google wants the web to be a safer place and is advocating HTTPS Everywhere, so that all sites are secure on all their pages, not just transactional or sensitive places. Google has been running all of its own sites over HTTPS for some time now, as has Microsoft/Bing, who are also encouraging similar moves.
We, as SEOs, have seen the direct correlation between ranks for secure HTTPS sites and non-secure HTTP sites, and we also believe that HTTPS gives a far better user experience, as users are far more comfortable and assured when they browse a secure site. We have consequently been recommending to all of our clients that they switch to HTTPS wherever possible.
Now, Another Reason to Switch to HTTPS
Around the 31st of January, Google will be releasing version 56 of its Chrome web browser. Chrome is by far the most widely used web browser and, according to NetMarketShare, it is also the most widely used Mobile/Tablet Browser, making it the most popular and most important browser for viewing your website.
In the current version of Chrome, a non-secure page has a small circled “i” in the browser web address field/location bar, whereas a secure site has a more reassuring green padlock and the word “Secure”.
Starting with the release of Chrome version 56, at the end of January, any website that is not running HTTPS will have a message appear in the location bar that says “Not Secure” on pages that collect passwords or credit cards. We think it will look like this:-
This is the first element of a staged rollout that encourages sites to phase out plain HTTP completely and switch entirely to HTTPS.
In a forthcoming release, Google Chrome will label all non-HTTPS pages in incognito mode as “Not secure”, because Incognito users tend to have a higher expectation of privacy.
The final stage of the planned rollout will be that Chrome will label all HTTP pages as “Not secure”. We believe it will look something like this:-
So How is This Going to Affect You?
In the first stage of the rollout, it will mean that any pages where you collect sensitive information, like credit card details, personal information or passwords, will be marked as not secure, which could confuse your users, make them fear that your (or their) security has been compromised, and could lead to them abandoning their visit.
This will obviously affect far fewer sites than the final stage of the rollout, as most sites that do collect sensitive information do this over HTTPS. It is the final stages that will have the biggest impact, as many information-only sites, whose owners have not seen the need to invest in SSL/HTTPS, will now see a direct effect. That said, there is currently a warning when you click the “i” in the location bar that says:-
Your connection to this site is not secure.
You should not enter any sensitive information on this site (for example, passwords or credit cards), because it could be stolen by attackers.
If you have already enabled HTTPS across all of your sites, then you can just sit back smugly, congratulate yourself on your far-sightedness and relax, safe in the knowledge that your secure site will now perform even better.
What Should You Do If Your Site Is Not HTTPS?
If, however, you have not enabled HTTPS on your site/s and are just running HTTP then you need to act and act quickly.
Google Chrome is the most popular of all the browsers but in a market that is made up of only a few real players, i.e., Safari, Firefox and Microsoft Edge, it seems unlikely that the other browsers will not follow a similar path.
That said, and given the already implied warning about Google favouring HTTPS in its rankings, the additional user security and experience benefits of switching to HTTPS now appear to make a move incontrovertible.
SSL (Secure Sockets Layer) is the standard security technology for establishing an encrypted link between a web server and a browser, and it is what enables sites to run over HTTPS. SSL certificates come in all shapes and sizes and can be purchased for anything from a few pounds to many thousands of pounds for very secure technology for more complex or highly confidential applications.
We recommend that if you are running a plain HTTP site, you should purchase and install an SSL certificate as soon as possible or you could suffer from a double whammy of a loss of traffic and a loss of user confidence.
However, switching to HTTPS is not without risk. You also need to be aware that when you do install an SSL:-
- All of your URLs/web links will change and you will need to modify all of your internal links, including links to images and other assets, so that you do not get mixed content warnings (where a page is serving secure and non-secure content)
- All of your external links (other sites linking back to you) will be pointing to the wrong address, so you will need to change these and/or 301 redirect your old URLs.
- Your pages will still be accessible via HTTP so you will need to set up 301 redirects from your HTTP pages to their HTTPS equivalent, so that you do not run the risk of serving duplicate content and/or diluting your page strength.
- You will need to 301 redirect all of your old pages to their secure equivalents, so that you do not lose any Google ranks that you have.
- You will need to change your Google Analytics and any other analytical, monitoring or management software, so that it is pointing at the right location.
- And you might want to change any email signatures, documentation and stationery, so that you have the correct address shown.
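A small pre-migration check for the mixed-content and 301-redirect points in the list above, added here as an illustration and not taken from any tool the article mentions. The host www.example.com, the sample page and the names `audit` and `redirect_ok` are constructed for the example.

```python
from html.parser import HTMLParser
from urllib.parse import urlsplit

# (tag, attribute) pairs that make the browser fetch a sub-resource.
SUBRESOURCE_ATTRS = {("img", "src"), ("script", "src"), ("iframe", "src"),
                     ("link", "href"), ("source", "src"), ("object", "data")}

class MigrationAudit(HTMLParser):
    """Collects http:// references that matter once a page is served over HTTPS."""
    def __init__(self, site_host):
        super().__init__()
        self.site_host = site_host
        self.mixed_content = []   # insecure sub-resources: mixed content warnings
        self.internal_links = []  # links to our own http:// pages: need updating

    def handle_starttag(self, tag, attrs):
        attrs = dict(attrs)
        if tag == "link" and "stylesheet" not in (attrs.get("rel") or "").lower():
            return  # e.g. rel=canonical is not loaded as a sub-resource
        for name, value in attrs.items():
            if not value or urlsplit(value).scheme.lower() != "http":
                continue
            if (tag, name) in SUBRESOURCE_ATTRS:
                self.mixed_content.append((tag, value))
            elif (tag, name) == ("a", "href") and urlsplit(value).hostname == self.site_host:
                self.internal_links.append(value)

def audit(html, site_host):
    parser = MigrationAudit(site_host)
    parser.feed(html)
    return parser.mixed_content, parser.internal_links

def redirect_ok(http_url, status, location):
    """True if the response is a 301 to the same host, path and query on HTTPS."""
    src, dst = urlsplit(http_url), urlsplit(location or "")
    return (status == 301 and dst.scheme == "https"
            and dst.hostname == src.hostname
            and (dst.path or "/") == (src.path or "/") and dst.query == src.query)

# Constructed sample page for a hypothetical site, www.example.com.
SAMPLE_PAGE = """
<link rel="stylesheet" href="http://www.example.com/css/site.css">
<script src="https://www.example.com/js/app.js"></script>
<img src="http://www.example.com/img/logo.png">
<img src="/img/banner.png">
<a href="http://www.example.com/contact">Contact</a>
<a href="http://other.example.org/">Partner</a>
"""
```

Feed `redirect_ok` the status code and `Location` header your server returns for each old HTTP URL; a redirect that lands on the home page instead of the equivalent HTTPS page fails the check.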
Whilst it sounds a little scary and it can have a big effect on your site and business, Zelst have managed a large number of migrations from HTTP to HTTPS and are here to help you through the process. If you require any further information about this or site migrations in general please get in touch now.