July 9th 2018: Update from Google, launch date for Chrome 68: July 24th 2018
Q2 2018: Google has set the deadline for securing all websites by implementing SSL / HTTPS, as the release of Chrome version 68 in Q3 2018. In its announcement ‘A secure web is here to stay‘ Google outlines that all sites that do not adopt HTTPS will be flagged as insecure and visitors notified with a visible display in the browser bar saying ‘NOT SECURE‘:
Why should you upgrade to HTTPS with SSL?
1. Visitor Confidence:
Without HTTPS, warnings will be displayed to all visitors which will affect the bounce rate – as a visitor do you want to understand HTTPS/SSL/Encryption/TLS? No, you just want a safe journey and if there is any kind of warning it’s easier to just duck out to the next site on Google search results list. As a website owner you can’t afford that. Not only do you lose a prospect, you get another tick in the Google box that says ‘a visitor has bounced off your site’ which in turn affects your SEO ranking negatively. You need to build on your users’ experience and make them feel safe and secure. In addition having HTTPS has become associated with an up-to-date and well-maintained site. With Chrome now having over 60% market share they do rule the roost and where Chrome goes others follow. Security companies such as McAfee, Norton and Kaspersky display safe browsing icons only when a site is HTTPS.
2. Improved SEO
Websites that have already installed HTTPS are seeing that it is already being used as a ranking factor with search engines. In the future, Google’s announcement indicates that it will have greater importance and impact on SEO. Google has made it clear that every site that is presented in search engine results needs to be using secure protocols and displaying HTTPS. In their discussions they are indicating that this will improve the quality of SEO by identifying and presenting safe sites to Google visitors by delivering safe content.
3. Safer Websites
Plain and simple, HTTPS really is just a lot safer. HTTP (“HyperText Transfer Protocol”) is the existing and established protocol used to send information between your browser and any website you visit. HTTPS is the secure version of this protocol (HyperText Transfer Protocol Secure). Basically the ‘S’ part encrypts any data in your web browser before being sent, which makes it harder for any potential hackers to operate. When you share any data such as credit card details for online purchases, then it’s crucial. But it doesn’t stop at e-commerce and financial institutions that you communicate with. Any time that personal data (such as filling in online forms) is shared it should be sent securely. So Google has moved into the final phase of securing all websites as the second part of its goal of total online security. With HTTPS displayed you can be sure that your site is seen as secure and not a fake ‘front’ used to extract information.
4. Improved Speed
Another large benefit, and one that Google uses for SEO ranking as well as helping website visitors, is that HTTPS gives access to HTTP/2. A major benefit of HTTP/2 is that it’s faster. Because the speed at which your website page loads is a major factor in Google’s ranking for SEO then moving to HTTPS (and therefore HTTP/2) can improve not only your site security and visitor confidence but your search engine optimisation and ranking.
5. It’s Cost Effective (But not wonderfully easy to implement!)
SSL certificates vary in price from free off-the-shelf certificates that need to be renewed regularly through to annual complex and chargeable certificates. The type that is required depends on the level of security needed for the site, in this phase certificates such as Let’s Encrypt are sufficient for non-ecommerce or financial sites.
How do I implement HTTPS?
Insight provides an HTTPS implementation solution, email us to find out more at info@insightgroup.co.uk or call at local rate on 0843 289 3060. Or fill in our contact form here.
“Chrome’s new interface will help users understand that all HTTP sites are not secure, and continue to move the web towards a secure HTTPS web by default.”
Google’s Online Security Blog, February 8th 2018
DIY – if you feel comfortable enough dealing with the technical side of websites then check out this step-by-step walk through by Tung Tran, Founder of CloudLiving.com: WordPress SSL: How To Switch From HTTP To HTTPS (13 Simple Steps). Or, if after reading his excellent article, you still feel wary of touching your website’s SSL, then fill in our contact form here.
What is HTTPS?
HTTPS (Hypertext Transfer Protocol Secure) is a method for securing your website and to protect ‘the integrity and confidentiality of your users’ data’ (Google). In August 2014, Google announced that changing your website’s security certificate to HTTPS/SSL (‘HTTP over TLS’, Transport Layer Security) would be used for Search Engine Results Pages (SERPs) and the ultimate SEO ranking. The terms SSL and HTTPS are commonly mixed as the description of securing websites. This makes sense as they’re closely connected – SSL (Secure Sockets Layer) creates the encrypted connection between the host and your website and the browser used by your web visitors. In essence SSL is what makes your site use HTTPS; installing an SSL certificate is part of the process to implement in making your web site conform to HTTPS. Unfortunately, like a lot of things related to websites and security, installing an SSL certificate isn’t that straightforward. However, Google has provided a 29-step process to implementing SSL certificates for HTTPS:Google’s support documentation about HTTPS.
Google Announcement on HTTPS Security : February 2018
Google’s announcement has been direct about the next release of Chrome visibly flagging sites and warning users of insecure sites. Their goal is a totally secure internet and persuading all website owners to upgrade to HTTPS with a Secure Socket Layer (SSL) by implementing a security certificate that provides Transport Layer Security (TLS) encryption. Any computer in between you and the server with an SSL certificate makes any information unreadable to everyone except for the website server.
Why have Google announced this?
This is not a new move by Google, but the original announcement in 2014 ‘HTTPS Everywhere’, focused initially on ecommerce websites where financial details, such as credit cards, was sent to website servers. Now Google has identified the end date for this for all websites with the release of Chrome version 68 in Q2 2018.
Google’s HTTPS Everywhere announcement on YouTube in 2014
HTTPS / SSL – where to find out more
If you would like to make sure your website meets security standards and is not penalised for being insecure, get in touch with us today. We can implement HTTPS/SSL on your website for you to give you peace of mind.
