LATEST UPDATE: Google Sets a July Deadline for HTTPS
Google has announced a deadline of July 2018 as the date for when Chrome will begin clearly warning users if a site is insecure. This prominent warning is likely to affect how secure users feel and may cause visitors to leave a site, resulting in a negative impact on a sites bounce rate, impressions, clicks, and sales.
This warning comes after a previous one last year where Google warned webmasters to switch from non-secure HTTP to HTTPS, or risk losing traffic.
What is HTTPS?
HTTPS (Hypertext Transfer Protocol Secure) is a way to make your website secure and protect ‘the integrity and confidentiality of your users’ data’ (Google).
Way back in August 2014, Google announced that changing the security certificate of your website to HTTPS/SSL (also known as ‘HTTP over TLS’, Transport Layer Security) would be used as a ranking signal, albeit a weak one. At the time Google predicted that switching from HTTP to HTTPS would positively impact on less than 1% of global queries.
In fact, in a Google webmaster hangout, Google’s John Mueller said that HTTPS is far from a ‘magic bullet’ that would cause a visible change or noticeable SEO benefits, although making your site more secure does make sense in the long-term for user peace of mind.
Back in 2015, HTTPS was only a minor ranking signal that didn’t make a huge difference to your overall rankings, however, Google has continued to look at ways to improve and prioritise website security. The search engine wants to make sure that the websites people access via Google are secure and what they say they are.
Latest Information from Google: February 2018
Google’s announcement was firm about their goal to warn users of insecure sites, with the intent of persuading more web publishers into upgrading to HTTPS.
“Chrome’s new interface will help users understand that all HTTP sites are not secure, and continue to move the web towards a secure HTTPS web by default.”
Previous Information from Google: 19th August 2017
Google Is Forcing You to Switch to HTTPS by October or Lose Rankings
Google is now sending out emails to Search Console users saying that if you don’t switch from your non-secure HTTP website to HTTPS, then you risk losing traffic and have a “NOT SECURE” notification pop-up on your website for all Chrome users. The deadline is October 2017.
Here is a copy of one of the emails that were sent out:
HTTPS is safe, HTTP is not
The reason for Google’s push towards HTTPS is website security. Earlier in 2017, Google sent out notifications that secure-data must be secured. This includes, but is not limited to sites that collect customer data such as credit-card information and even personal information. HTTP basically allows unauthorized people to tap into your computer and steal all of your valuable information. Google wants to avoid that by strongly encouraging the shift to HTTPS.
HTTPS Everywhere
When presenting the ‘HTTPS Everywhere’ campaign, Pierre Far from the Google Webmaster team and Ilya Grigorik from the Google Developer team explained why Google believes that every website should be secure.
Their position is that a single search may not reveal much about a person but, cumulatively, the websites we visit, the searches we make, the articles we read and even the music we listen to online can all reveal a great deal about our personalities, our likes and dislikes, our location, belongings, holidays and much more. Google says that its priority is secure searching and protecting the privacy of web users against malicious attacks.
In the HTTPS Everywhere presentation (which is worth a watch if you have a spare 45 minutes), Far and Grigorik explained that switching to an HTTPS certificate helps with:
- Authentication – Is the website visitor on the site they think they’re on?
- Data integrity – Is the data safe when transferred?
- Encryption – Could someone be eavesdropping on the website visitor?
HTTPS stops malicious attackers from impersonating the destination site, tampering with data or listening in.
You can read a full guide on how to secure your website with HTTPS here. Different 2048-bit TLS certificates are available for commercial and non-commercial websites, as well as single host certificates and multi-domain certificates.
Need a Guide to Stress-Free HTTPS Migration? Take a look at the following from Search Engine Journal
Want to check that your SSL certificate is installed correctly? Here’s a free SSL Checker
It’s a good idea to test your server too – you can do that here SSL Server Test
Google Chrome
In December 2014, the issue of secure browsing came to the forefront of SEO conversations again when Google developers working on the search engine’s Chrome browser proposed warning people their data is at risk every time they visit a website that does not use the HTTPS system (you can read the proposal here). When implemented, initially planned for 2015, web users will see a message that the connection they’re about to make to a website ‘provides no data security’ or they may simply see a red cross through the padlock symbol at the start of the web address.
In 2015 only 33% of websites used HTTPS, this number has grown and today the average volume of encrypted internet traffic finally surpassed the average volume of unencrypted traffic. When Google does begin to flag up warnings on non-secure HTTP websites we are likely to see a much bigger swing towards HTTPS across the board.
This may initially cause confusion for website users who may not understand the difference between HTTP and HTTPS and worry that there is something wrong with a website they have previously used without hesitation. People tend to assume that websites and emails are private but creating an indicator that this isn’t the case will challenge that assumption.
Webmasters will face the initial challenge of moving a website over to HTTPS but supporters of Google’s HTTPS Everywhere campaign feel this will be a good thing for the Internet and Internet users in the long-term.
Are you concerned about this latest update?
Are you now thinking about moving your site to HTTPS? Or have you already moved your site? Are you concerned about this update? Please let me know in the comments below – I’d love to hear your thoughts.
Free SEO Checklist
Find out how to create a website that Google and your customers love with our SEO Checklist
Discover how to:
- Optimise your website for higher rankings in Google while also providing a good user experience for your customers.
- Build site credibility and increase influence so that Google ranks you even higher and your potential customers find and trust you
- Create unique and authentic content to drive conversations and fuel online searches leading to more quality leads, inquiries, and sales.
CLICK HERE TO DOWNLOAD YOUR FREE SEO CHECKLIST
If you found this article helpful, we’d love it if you could share it – thank you
Hazel Jarrett, director of SEO at SEO+, is well-known in the SEO space, has won many awards during her 20-year career and has been published on various well-known sites. Through her services and training programs, her SEO strategies have generated 10s of millions of sales for her clients, earning her a big reputation for delivering the results that matter.
Want to follow Hazel on social media? You’ll find her via the icons below.
Great article thanks. You’ve summarised it nicely. Have shared on my Facebook page.
Thanks for the comment and the share Philip… appreciated.
I’ve already started getting “warned” by Google that my own site isn’t secure and it isn’t even October, ugh.
Hey Kristin, have you got plans to convert your website over to HTTPs?
So happy I switched to https. Thanks for this information, I will make sure to share it.
That’s great to hear Sharon. Thank you for sharing.
YEAH !!! I am ahead of the curve and all switched over.
Awesome!
Hi Hazel,
Wow! Am I glad I switched to HTTPS! I also wrote about the need to switch to HTTPS but after reading your post, I updated mine. I linked to you, of course.
Janice
Great that you were already aware of this Janice. Thank you for the link.
I don’t like what Google is doing here.Yes, security is a big issue and if you have a membership site or take money via your site then it’s a given that it should have an https cert. But if your a blog and all you do is share information, you don’t have members logging in, you don’t take payments, you offer no downloads then I see it as a needless expense. And it is not even the money that is the problem its the time involved and all the redirects you have to set up etc etc. It’s jumping through hoops for no good reason. And those selling certs are pocketing big money, they are already ripping us off with the cost of renewing domains, that price has rocketed.
A lot of people feel the same way Dexter. It seems, however, that Google is intent on secure searching and protecting the privacy of web users against malicious attacks and will make it increasingly harder for those that decide to remain unsecured.
Maybe I overlooked something but no where in the source of this article does Google say non HTTPS sites will result in a loss of rankings.
Hi Hazel,
I’m afraid I’m another who agrees with Dexter. I haven’t done anything about it so far but looks like I will have to eventually. I have even given some thought to not having a blog at all but I do like to write and have a place where it’s all together.
Thanks for all the information. I’ll probably wait until the last minute just because I’m a bit stubborn at times.
Great article Hazel, really insightful.
Keep up the awesome work!
Hi there to every one, the contents present at this web page are truly amazing for people knowledge, well,
keep up the good work fellows.
If you starting out with a new website I would highly recommend you use HTTPS from the start. I just recently acquired a website that didn’t have HTTPS fully across the site. I made the commitment to force everything to HTTPS and covered all what to do’s when moving to HTTPS. What I found out after the change was made I lost about 25% of daily visitors, thus effecting income, even 6 weeks on this hasn’t moved in a upwardly direction.
I’m still glad that it’s done as I believe HTTPS should mandatory, it’s just that people need to be aware of the possibility of getting less daily traffic to their site before making this commitment.
There’s really no reason not to use https now that you can get free SSL certificates from Let’s Encrypt. And no, unlike what the commenter above says, you’re not going to lose traffic by making the switch.