At Highstreet Advertising we pride ourselves in keeping websites safe and secure. With this in mind, we want to inform you of recent changes Google has made concerning http and https that will directly affect how your website is viewed and perceived as secure.
Google and Google’s web browser Chrome are making changes to the way it displays security for websites. Even if you don’t use the Google Chrome browser, over 60% of those searching are using it. This post informs you of those changes, how it affects you, and what you can do about it.
Let’s start with some information first. This might get a little “techy”, however, we do need to share some of the tech details to illustrate why this is important.
The Google Chrome browser will mark http pages with forms as “not secure”.
All websites have either http or https at the beginning of their domain name in the browser. When your site shows https that means your site is secure and your information is being encrypted when you make a purchase with an e-commerce website, create a user name to save your information for future shopping, fill out a form, etc.
What is HTTPS?
HTTPS (Hypertext Transfer Protocol Secure) is an internet communication protocol that protects the integrity and confidentiality of data between the user’s computer and the site. Users expect a secure and private online experience when using a website. We encourage you to adopt HTTPS in order to protect your users’ connection to your website, regardless of the content on the site.
Data sent using HTTPS is secured via Transport Layer Security protocol (TLS), which provides three key layers of protection:
- Encryption—encrypting the exchanged data to keep it secure from eavesdroppers. That means that while the user is browsing a website, nobody can “listen” to their conversations, track their activities across multiple pages, or steal their information.
- Data integrity—data cannot be modified or corrupted during transfer, intentionally or otherwise, without being detected.
- Authentication—proves that your users communicate with the intended website. It protects against man-in-the-middle attacksand builds user trust, which translates into other business benefits.
Why does this matter?
Currently Google Chrome is marking non-secure pages containing password and credit card input fields (pretty much any contact form) as Not Secure in the URL bar. See below.
It’s not too noticeable. However, in the future, this warning will appear on ALL pages served over HTTP vs HTTPS and it will be in RED, like this:
This may easily be interpreted by visitors to mean that your site has been hacked or compromised affecting the “perceived credibility of your website.”
How do I get https to show on my website and avoid the NOT SECURE warning?
You will need to purchase an SSL certificate that renews yearly. This SSL certificate automatically creates a secure, encrypted connection with a visitor’s browser. It will show a green padlock and say “secure”, next to your URL.
SSL certificate types
- Domain Validation (DV) SSL (personal and business websites)
- Extended Validation (EV) SSL (ecommerce websites)
Unless you sell things on your website, a Domain Validation (DV) SSL is what you will need. This SSL proves domain ownership, boosts Google ranking and has a strong encryption for passing information when people submit forms via your website.
Do I have to update right now to an SSL Certificate? Do I have to update at all?
This answer is a little subjective depending on the goals and usage of your website. However, it is something you need to do in the next 6-9 months. The NOT SECURE warning can affect how people view your website.
Other than security, the HTTPS/SSL can affect:
- Google Search Ranking: research shows that Google HTTPS Ranking is real. SSL DOES correlate with higher rankings
- Google My Business: (your map and business information) You will be ranked lower in the Google My Business listing compared to others that have the HTTPS/SSL
- Safety for your visitors: When visitors are on your website using unencrypted Wi-Fi networks, anyone in the same local network (coffee shop, etc) with the right software, can discover sensitive information about your visitors. It protects user data, but also ensures the user is connecting to an authentic site and not a fake one.
What do I do now?
Highstreet has done the research and knows the steps needed to purchase, install and update your site so it performs correctly and talks correctly with Google. Because this is not a simple flip of a switch, there is an extra cost beyond the purchase of the SSL.
Highstreet SSL Certificate purchase, install, setup and site review
(One time fee, includes first year of SSL)
- Purchase of Domain Validation (DV) SSL good for one year ($60 annual cost)
- Install and setup of SSL certificate
- Migrate site URL from http to https, handle any redirects, and detect for any crawl issues
- Use Google Search Console to monitor and manage the move, prompt Google to crawl and index the https site, fix any issues
- Site audit report of your website for transparency
The initial purchase and setup of the SSL are fairly quick; however, the migration, monitoring and final site audit will be done over a period of 2-3 weeks. We update Google Analytics and use the Google Search Console / Webmaster Tools to do various checks and sitemap submissions so that Google is talking correctly to your new HTTPS configuration.
We strive for transparency in what we do and how we manage projects. Contact firstname.lastname@example.org or call 253-845-0230 for more information and pricing.