Posts

Google has given webmasters their final warning to convert their sites to HTTPS or be branded as “Not Secure” with a prominent message in the browser bar of all Chrome and all Chrome-based browsers after October of this year.

Why is Google doing this?

Google has been urging webmasters to switch their sites to the more secure HTTPS security protocol for years, using increasingly drastic measures. Currently, Google is denoting sites that are secure using a green icon in the browser bar. Since so many sites have now adopted the protocol, Google is taking this a step further with a prominent red warning for sites that are not secure.

What does this mean for you?

Internet users don’t give up their information easily. They have to trust that you won’t let their data be breached or misuse their information. If they see that your site is specifically “Not Secure”, they simply aren’t going to trust you with anything.

That could mean increasing bounce-rates for your website, fewer e-commerce sales, fewer newsletter sign-ups, or fewer internet-driven leads for your business.

Two-Stage Roll Out

Rather than “switching on” the security warnings all at once, Google will be rolling out the change in two steps.

First, Chrome will remove the green icon signifying safe websites from browser bars. In its place, they will temporarily leave the small lock icon in its place.

Then, beginning in October, Google will introduce the official red icon identifying sites that are “Not Secure.”

This latest warning from Google gives webmasters plenty of time to make the switch, but I advise taking action sooner rather than later. You can get started right now with Google’s HTTPS set-up guides here.

Google HTTPS Warning

Google is making some changes to protect users’ sensitive information online, and it could lead to your site being marked as non-secure by Google’s web browser at the end of this month.

Google released a warning that as of the end of January 2017, Chrome will mark sites without HTTPS as non-secure if they collect private information like passwords or credit cards.

Google #NoHacked HTTPS

“Enabling HTTPS on your whole site is important, but if your site collects passwords, payment info, or any other personal information, it’s critical to use HTTPS.”

The company has encouraged implementing HTTPS in the past by making it a (very minor) search ranking signal. Now, from the sound of the alert, the company says an entire site will need to be HTTPS if any pages collect payment or sensitive information.

Switching over to HTTPS is an easy process, but you should begin preparing to make the switch now if your site fits the criteria. Otherwise, you are likely to be flagged as non-secure in February and lose a large amount of your web traffic.

HTTPS

It has now been two years since Google announced it would be making HTTPS a minor ranking signal, and a recent study from Moz shows just how many sites have made the switch since then.

After Google’s announcement, there was an initial surge in sites changing from HTTP to HTTPS, but many held back to assess just how important the security protocol was to the search engine and ultimately decided it wasn’t worth the risk. Google only considers HTTPS a minor factor in their ranking algorithm and there has been concern about potential risks when making the switch.

To check up how far along the transition is, Dr. Pete Meyer from Moz compiled data to see just how close is Google is to changing the web over to HTTPS.

Before Google started including HTTPS in its algorithm, Meyer says only around 7% of all pages featured on the first page of Google search results used the more secure protocol. A week after the switch that number had climbed to 8%. Since then, the number has steadily been rising, reaching over 30% this year.

Moz reports that “as of late June, our tracking data shows that 32.5% (almost one-third of page-1 Google results now use the “https:” protocol.”

However, Meyer says he is not convinced everyone that has made the switch was motivated by algorithms and ranking signals. Instead, he believes it is a sign that Google’s PR campaign to make HTTPS more attractive and desirable for sites is working.

Meyer also says that in another 1 to 1.5 years we are likely to see 50% of the sites shown on the first page of search results to use HTTPS, which he predicts will lead Google to strengthen the ranking signal.

Ultimately, many are still hesitant about changing their entire site’s HTML structure to HTTPS and the risks that come along with site-wide changes like this. However, Dr. Meyers says it is wise to keep an eye on how many sites in your industry are using the protocol and to be watchful for any upcoming algorithm updates that may make HTTPS even more prominent in search results.

Twitter Banner

Google made big news earlier this year when it declared it would favor sites that switch to HTTPS, and now Twitter is taking a similar path. A member of Twitter’s development team published a thread on the Twitter Community forum explaining the company’s future plans for HTTPS and setting a deadline for the company’s switch the HTTPS.

Starting October 1st, Twitter will begin utilizing HTTPS for all new outbound links, meaning any new link you share will be packed in “https://t.co”. This way Twitter can securely send users to their intended destination, even when the destination page is not an HTTPS link.

Similar changes have been made by popular sites such as Reddit and Wikipedia, however in those situations the sites began using HTTPS site-wide.

This will also have the added side effect of increasing URL lengths in the future, depriving you of one more character to write with when sharing a link.

This also causes issues with tracking referral traffic to non-HTTPS sites, as Twitter explains non-HTTPS sites may see an apparent decrease in referral numbers.

“Web browsers drop the Referer header from a request by default when downgrading from an HTTPS t.co link to an HTTP destination in compliance with the HTTP specification for the Referer header… Based on our estimates you may see a 10% drop in traffic attribution from Twitter as a result of this security change.”

The company also warns that sites will see a steady decrease in referral traffic recorded from Twitter in the future, as users update to the latest browsers that support this policy.