UPDATE: Google is now warning webmasters to switch from non-secure HTTP to HTTPS, or risk losing traffic. The deadline is October 2017.
HTTPS (Hypertext Transfer Protocol Secure) is a way to make your website secure and protect ‘the integrity and confidentiality of your users’ data’ (Google).
Way back in August 2014, Google announced that changing the security certificate of your website to HTTPS/SSL (also known as ‘HTTP over TLS’, Transport Layer Security) would be used as a ranking signal, albeit a weak one. At the time Google predicted that switching from HTTP to HTTPS would positively impact on less than 1% of global queries.
In fact, in a Google webmaster hangout, Google’s John Mueller said that HTTPS is far from a ‘magic bullet’ that would cause a visible change or noticeable SEO benefits, although making your site more secure does make sense in the long-term for user peace of mind.
Back in 2015, HTTPS was only a minor ranking signal that didn’t make a huge difference to your overall rankings, however, Google has continued to look at ways to improve and prioritise website security. The search engine wants to make sure that the websites people access via Google are secure and what they say they are.
Latest Information from Google: 19th August 2017
Google Is Forcing You to Switch to HTTPS by October or Lose Rankings
Google is now sending out emails to Search Console users saying that if you don’t switch from your non-secure HTTP website to HTTPS, then you risk losing traffic and have a “NOT SECURE” notification pop-up on your website for all Chrome users. The deadline is October 2017.
Here is a copy of one of the emails that were sent out:
HTTPS is safe, HTTP is not
The reason for Google’s push towards HTTPS is website security. Earlier in 2017, Google sent out notifications that secure-data must be secured. This includes, but is not limited to sites that collect customer data such as credit-card information and even personal information. HTTP basically allows unauthorized people to tap into your computer and steal all of your valuable information. Google wants to avoid that by strongly encouraging the shift to HTTPS.
When presenting the ‘HTTPS Everywhere’ campaign, Pierre Far from the Google Webmaster team and Ilya Grigorik from the Google Developer team explained why Google believes that every website should be secure.
Their position is that a single search may not reveal much about a person but, cumulatively, the websites we visit, the searches we make, the articles we read and even the music we listen to online can all reveal a great deal about our personalities, our likes and dislikes, our location, belongings, holidays and much more. Google says that its priority is secure searching and protecting the privacy of web users against malicious attacks.
In the HTTPS Everywhere presentation (which is worth a watch if you have a spare 45 minutes), Far and Grigorik explained that switching to an HTTPS certificate helps with:
- Authentication – Is the website visitor on the site they think they’re on?
- Data integrity – Is the data safe when transferred?
- Encryption – Could someone be eavesdropping on the website visitor?
HTTPS stops malicious attackers from impersonating the destination site, tampering with data or listening in.
You can read a full guide on how to secure your website with HTTPS here. Different 2048-bit TLS certificates are available for commercial and non-commercial websites, as well as single host certificates and multi-domain certificates.
Need a Guide to Stress-Free HTTPS Migration? Take a look at the following from Search Engine Journal
Want to check that your SSL certificate is installed correctly? Here’s a free SSL Checker
It’s a good idea to test your server too – you can do that here SSL Server Test
In December 2014, the issue of secure browsing came to the forefront of SEO conversations again when Google developers working on the search engine’s Chrome browser proposed warning people their data is at risk every time they visit a website that does not use the HTTPS system (you can read the proposal here). When implemented, initially planned for 2015, web users will see a message that the connection they’re about to make to a website ‘provides no data security’ or they may simply see a red cross through the padlock symbol at the start of the web address.
In 2015 only 33% of websites used HTTPS, this number has grown and today the average volume of encrypted internet traffic finally surpassed the average volume of unencrypted traffic. When Google does begin to flag up warnings on non-secure HTTP websites we are likely to see a much bigger swing towards HTTPS across the board.
This may initially cause confusion for website users who may not understand the difference between HTTP and HTTPS and worry that there is something wrong with a website they have previously used without hesitation. People tend to assume that websites and emails are private but creating an indicator that this isn’t the case will challenge that assumption.
Webmasters will face the initial challenge of moving a website over to HTTPS but supporters of Google’s HTTPS Everywhere campaign feel this will be a good thing for the Internet and Internet users in the long-term.
Are you concerned about this latest update?
Are you now thinking about moving your site to HTTPS? Or have you already moved your site? Are you concerned about this update? Please let me know in the comments below – I’d love to hear your thoughts.
Free SEO Checklist
Find out how to create a website that Google and your customers love with our SEO Checklist
Discover how to:
- Optimise your website for higher rankings in Google while also providing a good user experience for your customers.
- Build site credibility and increase influence so that Google ranks you even higher and your potential customers find and trust you
- Create unique and authentic content to drive conversations and fuel online searches leading to more quality leads, inquiries, and sales.
If you found this article helpful, we’d love it if you could share it – thank you