If your website collects login or password information, now is the time to convert to HTTPS. In this post we’ll share some important information from Google that website owners need to know.
Over the past several years Google has been working hard to migrate all of their properties to work over SSL (Secure Socket Layer). In 2014 Google announced that adding an SSL certificate to your website would give you a minor ranking boost. This is because Google takes security very seriously and wants to make the Internet safer for everyone.
Google’s HTTPS Initiative
Last fall Google began pushing for an encrypted web by requiring websites that collect login or password information to convert to HTTPS by January 2017. The reason for this is to protect the sensitive data that you collect from your visitors such as credit card data, membership logins, passwords, and more. Sites collecting this data that have not converted to HTTPS now show a “NOT SECURE” warning in the browser.
New Google Penalty for Non HTTPS Sites Effective October 2017
In August 2017 Google sent email notifications to non-compliant site owners via Google Search Console. Site owners were warned that effective October 2017 Chrome will now show the “NOT SECURE” warning to visitors who enter text in a form on an HTTP page or who visit HTTP pages via incognito mode. (For more information on these warnings, refer to this post.)
What is HTTPS?
HTTPS (Hypertext Transfer Protocol Secure) ensures a secure communication between a browser and a web server through the use of a Secure Socket Layer (SSL). This stops “man-in-the-middle” attacks from intercepting sensitive data such as password and credit card information that visitors submit from your website.
By the time Chrome 56 rolled out around January 31, websites that had an SSL certificate installed and configured properly began to show visitors a secure connection in the browser bar:
This notation helps to build customer trust and assures your visitors that their information is protected and secure as it transmits from their browser to your server.
But if you collect sensitive data on your website and your site had not been converted to HTTPS when Chrome 56 rolled out, then your visitors have been seeing the NOT SECURE warning in their browser bar:
Seeing the NOT SECURE warning may alarm and cause a visitor to leave your website. This in turn decreases conversions, increases bounce rate, and affects your SEO (search engine optimization).
By now I’m sure you can see why it’s so important to encrypt your website pages and protect your visitors’ data. This is an important first step that Google is taking to make the internet safer.
Google’s Future Plans for HTTPS
At some future date, Google will require ALL website owners to convert to HTTPS regardless of whether sensitive data is collected from the website. Additionally, Firefox and other browsers are following suit. For a complete explanation of these phases and timelines as well as Chrome global statistics, please refer to this helpful post by our colleagues at R & R Web Design.
How to Tell if Your Website Connection is Secure
When you visit a website, you can check whether your connection is secure. For additional browser-specific information about secure website connections, please refer to the following:
Check if a site is safe to visit (Chrome)
Now that you understand why it’s important to convert to HTTPS, the rest of our post will look at the following:
- What is an SSL Certificate?
- Where can I Get a Free SSL Certificate?
- What are the Additional Benefits of HTTPS?
- What about CloudFlare Users?
What is an SSL Certificate?
Per GlobalSign Certificate Authority:
SSL Certificates are small data files that digitally bind a cryptographic key to an organization’s details. When installed on a web server, it activates the padlock and the https protocol and allows secure connections from a web server to a browser.”
You’ve probably noticed the padlock when you’ve made an online purchase and checked out of a big-brand store such as Amazon. Or if you use online banking or paid a credit card online, you have probably seen the padlock. That padlock assures you that the organization has an SSL certificate installed and is protecting your data as you use their site.
If you’re running a WordPress website and have wondered about adding SSL, you might want to read our earlier post to learn more.
Where can I Get a Free SSL Certificate?
For many years the cost of encrypting a website has been expensive and complicated for small business owners. They had to purchase a dedicated IP and a certificate from a Certificate Authority and then pay to have that dedicated IP and certificate renewed each year.
But the Let’s Encrypt initiative has changed all that. Let’s Encrypt began offering free SSL certificates last year, and small business owners have been able to encrypt their websites without incurring extra expenses. And an added bonus is that a dedicated IP is not necessary under Let’s Encrypt.
As HTTPS becomes the standard protocol, more and more hosting companies are offering and installing Let’s Encrypt certificates for free, too. For many small businesses, this is the perfect (and affordable) solution to encrypting their site.
Our hosting company, A2 Hosting (affiliate), automatically installs Let’s Encrypt SSL certificates on client accounts for free. That includes requesting and installing the Let’s Encrypt certificate on our behalf, then updating it automatically every three months.
Other hosting providers have a configuration setting that you need to enable. And still other providers automatically request and install certificates for all their customers.
What are the Additional Benefits of HTTPS?
Historically, websites running under HTTPS experienced slower page loads due to the SSL negotiation. This caused website owners to think twice before they made the decision to convert to HTTPS.
But HTTP/2 has resolved many of those issues. HTTP/2, the latest update to HTTP, brings more efficiency, security and speed to the web. Now these same sites running under HTTPS can take advantage of HTTP/2, which improves performance and overall user experience.
In a recent Moz report, 50% of page one search results are HTTPS. And it’s projected that 70% of page one results will be HTTPS by year-end 2017.
And we can’t forget about Bing. In 2015 Microsoft announced their plans to also standardize HTTPS for web traffic encryption.
What about CloudFlare Users?
Many small businesses take advantage of CLoudFlare’s free plan. CloudFlare users will still be able to use the free plan with the Full (Strict) SSL option. Unfortunately, this is an area of confusion for lots of site owners and web hosts. Many clients are under the impression that they have to upgrade to the paid plan to use CloudFlare under SSL. This is simply not true. You can still use the CloudFlare free plan and a free SSL certificate while reaping the benefits of both!
Convert to HTTPS Now
There are just so many benefits to making the decision to convert to HTTPS now rather than later. To recap, at some future date Google will require HTTPS of all website owners. HTTPS sites are currently receiving a small ranking boost. This ranking signal is bound to become greater as more and more sites comply, meaning those who don’t convert will lose out in ranking. And other search engines such as Bing are following suit.
If you’re a do-it-yourself website owner, you need to get started! Please refer to our earlier post on adding SSL to your WordPress site.
You might want to check Matt Banner’s detailed and resourceful post on How to Switch from HTTP to HTTPS for further information.
But for those of you who don’t have the time or knowledge to convert to HTTPS, it’s time to get help with converting your site ~ even if you are not collecting sensitive data. Remember, in the near future Google will be requiring HTTPS of all website owners! Please see our HTTPS conversion pricing for further information or contact us for a quote.
Stay ahead of the game and contact us if you need assistance with your conversion. We’re always happy to help!
Have questions? Please feel free to post them in the comments below!