Protect Your Visitors And Your Website By Taking Action Now
Google changes its search engine algorithms on a regular basis. Most of the changes have little or no impact on your website’s ability to rank. Other changes, such as the mobile search changes Google announced last May, have a major impact.
But come October, Google is planning another major update, one that will affect any nonsecure websites. Specifically, Google is going to start adding a new “nonsecure” warning to non-HTTPS pages on your site. This has the potential to confuse visitors and drive a significant drop in the number of people coming to your website pages.
Google has announced new efforts within Chrome to encourage website owners to move their sites over to HTTPS. Chrome already marks HTTP pages as “not secure” if they have password or credit card fields. Starting in October 2017, the Chrome browser will show the “not secure” warning in two additional situations: when users enter data on an HTTP page and on all HTTP pages visited in Incognito mode.
What Is HTTPS?
HTTP (Hypertext Transfer Protocol) and HTTPS (Hypertext Transfer Protocol Secure) are both languages for passing information between web servers and clients. HTTPS is a secure connection, and HTTP is not secure.
With HTTP, it is possible for unauthorized parties to observe the communication between your computing device and the site. An HTTPS connection adds a blanket of security by encrypting the information with an SSL certificate. “In short: HTTP is not secure, and you should never trust your sensitive information to such a site. HTTPS is secure and is becoming the web standard.”
Today, users expect a secure and private online experience when using a website. Without HTTPS, sensitive information can be hacked or stolen. Google, by penalizing HTTP connections, is taking steps to ensure users get the secure experience they expect.
In 2014, Google first announced HTTPS as a ranking signal, meaning that websites that use HTTPS get a slight boost in their rankings. Yet some webmasters are still wondering whether it’s worth the effort to implement an encrypted certificate. Ultimately, Google wants to mark any web page over HTTP as insecure, but this is a longer-term initiative.
Actions You Should Be Planning
If you have not done so already, protect your visitors and your site with an SSL certificate and migrate your website pages to HTTPS. This is particularly important for any landing pages with forms. It’s going to be exponentially more difficult to get information from visitors, and to convert those visitors into leads, if they’re flashed a security warning from Google prior to completing the form.
Gabe Wahhab, Director of Interactive Services at Square 2 Marketing, noted, “Advancements in secure protocol technology over the last couple years have made it easier and cheaper than ever to ensure your website is fully secure. All websites today should be using the HTTPS protocol to create a more secure web. I applaud Google for continuing to make the web more secure for all users.”
We’re talking primarily about landing pages and pages with forms, but Google also announced that login pages will require HTTPS protocol. Last winter, Google began sending notices through the Google search console to websites that have login and password fields on pages that are not over HTTPS. The notification said nonsecure collection of passwords will trigger warnings in Chrome 56. Any input fields for passwords or credit card details that are not HTTPS will trigger the new Chrome warning.
If you’re thinking this doesn’t apply to you because you don’t use Chrome, guess again. The last report I saw showed Chrome represented over 60% of the browsing community. If your site, site pages and site logins are not secure, your visitors are going to get this scary message. They will bounce off and your site performance will be affected.
What Do You Have To Do?
Search Engine Journal has a great article that goes into additional details, but the action plan is clear. To enable HTTPS on your website, you must obtain an SSL certificate from a certificate authority (CA). This certificate does a couple of things. For one, it enables your site to communicate with users using encrypted, non-corruptible data.
The certificate also acts as a stamp of approval from a trusted party (in this case, the CA), which says your site is legitimate and secure. A number of marketing automation systems, such as HubSpot, and content management systems give you the opportunity to have HTTPS as part of their solution.
Once you have your SSL certificate, there are a few steps to make the migration: approve the certificate, do a full backup of your site, change all your internal links, check code libraries, update all the external links you can and create a 301 redirect.
Don’t forget to update your URLs on Google (search console analytics), AdWords and anywhere else you are running paid ads, on all your social profiles and across all your top citations. If you change to HTTPS but don’t update your links, you’ll deliver a lot of “page not found” errors to your visitors. This change and the associated updates can be complicated, so consider working with your digital agency to help you do the upgrades in a seamless manner.
Still Not Sure?
Data protection is by far the biggest advantage of HTTPS, but it’s not the only one. HTTPS sites also load significantly faster. In a test on HTTPvsHTTPS.com, the unsecure version of the page loads 334% slower than HTTPS. Try the test on your own device and see how they compare.
That’s not all. Back in 2014, Google tried to persuade webmasters to make the switch to HTTPS and made the secure protocol a stronger ranking signal as motivation. Google flat-out said they would start giving preference to sites with an SSL in 2014. Since that time, encrypted sites have earned a boost in rankings over their unsecured counterparts. Since that bit of motivation didn’t provide enough encouragement for sites to switch, Google is now forcing the issue. Instead of incentivizing HTTPS, Google may even penalize HTTP sites.