October is about to get scary. And not just because of Halloween.
Google has been pushing the internet at large towards SSL (Secure Sockets Layer) for quite some time now. Back in 2014, they indicated that HTTPS would be a ranking signal. Then in January 2017, they started warning websites and their visitors that entering a password might not be secure on a non-SSL site. Web security firm Sucuri has already found indications that Google may have been blacklisting some websites with forms but no SSL certificates.
So what is Google doing with SSL in October 2017?
In October 2017, Google will be alerting Chrome users that any website using any type of form and not using HTTPS is “not secure.” If you are using Google Search Console to track your website, you may have already seen an email like this one, alerting you to the upcoming changes, and informing you which pages of your site are an issue:
Google will be marking your website as “Not Secure” in its Chrome browser, starting in October, if your website does not have an SSL certificate and collects ANY type of information from your visitors through a web form. In the long term, it is likely that Google will be marking all non-HTTPS websites as “not secure,” whether they use web forms or not.
That will look like this – with a crossed out lock on a red background, a big “Not Secure” notice, and a warning at the top of the page.
Photo courtesy of https://developers.google.com/
Wait, back up. What is SSL, anyway?
SSL means Secure Sockets Layer. It creates an encrypted link between your visitor’s browser and your website. HTTPS (HTTP over Transport Layer Security), a communications protocol, is often used interchangeably with SSL. The “S” of HTTPS means that communication with the website is encrypted by Transport Layer Security or Secure Sockets Layer technology. Basically, this means that someone else can’t “listen in” on the information exchanged between your visitor and your website.
How do I know if my website is using an SSL certificate?
This is an easy one! Look up in your browser’s address bar. There are three options:
- Your URL starts with http:// or just www, with an “i” for “information” icon, or other visual indicator NOT showing the site is secure. This means your website IS NOT using an SSL certificate. You can click on the “i” icon for more information.
- Your URL starts with https://, and shows “secure” or a padlock, or some other visual indicator of security. This means your website IS using an SSL certificate, you are all set!
- Your URL starts with https://, but shows a warning sign, “i” / “information” icon, or other indication of a problem. This means that your website may be using an SSL certificate, but that it is not configured properly or has non-secure items, like images, on the page. If this is the case, contact your trusted web developer to see how to fix this.
Let’s cut to the chase.
Contact RED now to set up an SSL certificate for your website.
Why does Google get to make the rules about SSL?
It may not seem fair that Google is “forcing” this on you by using SSL as a ranking signal, or showing your site as “not secure” in its Chrome browser. But according to StatCounter, Google has cornered the market on search engines, with an estimated share of 90%. With users overwhelmingly using Google to search the internet, this means that the way Google ranks websites is important to your own website’s rankings.
Also, according to W3 Schools, as of August 2017, about 76% of internet users use Chrome. That makes it highly likely that a good number of your visitors use Chrome. Those visitors will see this warning on your website as early as next month, if Chrome sees you are not using an SSL certificate but are collecting any data via web forms from your visitors.
In any case, a more secure internet is good for all of us.
So an SSL certificate means my site is secure, right?
Not exactly. We are talking about two different security issues here. What SSL means is the traffic between your visitors and your website is encrypted. An SSL certificate doesn’t prevent your website itself from being hacked. But never fear, if RED is taking care of your website, we have other safeguards in place for that. What the SSL certificate does is prove to your visitors that you take their privacy seriously. As a bonus, it keeps your search engine rankings up in Google.
I don’t have e-commerce or any forms on my website. Do I really have to do this?
Before you say you don’t have any forms, let me just point out that this includes contact forms, any search forms on your website, and even the login form for the administrative area of your website. Even if you truly don’t have any forms or e-commerce shops on your website, then let me put it this way. Is trust important in your business or organization? If the answer is yes, then keep reading.
- If you happen to have been affected by the recent Equifax debacle, like about half of all Americans, you know how vulnerable that makes you feel. You don’t want your website visitors or clients feeling that way.
- SSL shows your visitors and clients that you are security-minded and intend to keep their information private. SSL prevents any third party from viewing any of the information shared between your visitor and your website.
- As more and more people look for the secure padlock on websites they visit, is it worth it to you to lose their visit to a competitor who is using HTTPS?
As Billy Joel put it (perhaps in a slightly different context), “It’s a matter of trust.”
Ok. I’m convinced. What do I do?
Step 1: Sign up for an SSL certificate, often through your web hosting company.
Step 2: Contact your web developer to update your website to use it.
Do you want help getting started? Contact RED now.