Posts

Google has given webmasters their final warning to convert their sites to HTTPS or be branded as “Not Secure” with a prominent message in the browser bar of all Chrome and all Chrome-based browsers after October of this year.

Why is Google doing this?

Google has been urging webmasters to switch their sites to the more secure HTTPS security protocol for years, using increasingly drastic measures. Currently, Google is denoting sites that are secure using a green icon in the browser bar. Since so many sites have now adopted the protocol, Google is taking this a step further with a prominent red warning for sites that are not secure.

What does this mean for you?

Internet users don’t give up their information easily. They have to trust that you won’t let their data be breached or misuse their information. If they see that your site is specifically “Not Secure”, they simply aren’t going to trust you with anything.

That could mean increasing bounce-rates for your website, fewer e-commerce sales, fewer newsletter sign-ups, or fewer internet-driven leads for your business.

Two-Stage Roll Out

Rather than “switching on” the security warnings all at once, Google will be rolling out the change in two steps.

First, Chrome will remove the green icon signifying safe websites from browser bars. In its place, they will temporarily leave the small lock icon in its place.

Then, beginning in October, Google will introduce the official red icon identifying sites that are “Not Secure.”

This latest warning from Google gives webmasters plenty of time to make the switch, but I advise taking action sooner rather than later. You can get started right now with Google’s HTTPS set-up guides here.

Do you have a search box or form on your website? Are you still using HTTP for your site? If so, you may want to begin the process of switching to HTTPS sooner rather than later.

Google says it is preparing to launch new efforts within their Chrome browser to encourage webmasters to migrate to HTTPS, the newer, more secure security certificate for websites. Beginning I October, the browser will begin showing warning messages to visitors on pages with search boxes or forms.

As Google says, “[in] October 2017, Chrome will show the ‘Not secure’ warning in two additional situations: when users enter data on an HTTP page, and on all HTTP pages visited in Incognito mode.”

You can preview what the warning will look like in the gif below:

 

The warnings are just the latest effort by Google to encourage the adoption of HTTPS. Just recently, Chrome warned webmasters that pages with logins are now required to use HTTPS.

The end goal for Google is to mark any web page using HTTP as insecure, but it could be a lengthy process.

HTTPS
Between the countless public hacks, identity thieves, and an increasing awareness of how vulnerable personal information is, protecting customer’s personal data has become a hot-button topic over the past year.

Perhaps this may be why an increasing number of sites are switching to the more secure HTTPS web security protocol. In fact, a new report from Moz suggests the more than half of first page listings on Google are using HTTPS.

While Google has suggested site security could potentially influence a website’s ranking, Moz says the steady growth of HTTPS suggests the rise is more likely attributed to sites making the switch – not an algorithm update. Google has also stated that it has no plans to increase the weight of HTTPS on rankings in the future.

To verify the findings, Moz worked with Rank Ranger who produced almost the exact same results using its system.

Dr. Pete Meyers, who reported the findings for Moz, believes up to 65% of front page results on Google could be using HTTPS by the end of the year. This is entirely possible, given that Chrome is set to begin marking non-HTTPS pages as non-secure if they ask for personal information such as a password or credit card information.

Interestingly, the growth of HTTPS appears to be fairly equal across markets. The results suggest approximately half of the biggest names in Google search results have adopted the security protocol, while newer pages are using HTTPS because it is inexpensive and easy to use.

Google HTTPS Warning

Google is making some changes to protect users’ sensitive information online, and it could lead to your site being marked as non-secure by Google’s web browser at the end of this month.

Google released a warning that as of the end of January 2017, Chrome will mark sites without HTTPS as non-secure if they collect private information like passwords or credit cards.

Google #NoHacked HTTPS

“Enabling HTTPS on your whole site is important, but if your site collects passwords, payment info, or any other personal information, it’s critical to use HTTPS.”

The company has encouraged implementing HTTPS in the past by making it a (very minor) search ranking signal. Now, from the sound of the alert, the company says an entire site will need to be HTTPS if any pages collect payment or sensitive information.

Switching over to HTTPS is an easy process, but you should begin preparing to make the switch now if your site fits the criteria. Otherwise, you are likely to be flagged as non-secure in February and lose a large amount of your web traffic.

HTTPS

It has now been two years since Google announced it would be making HTTPS a minor ranking signal, and a recent study from Moz shows just how many sites have made the switch since then.

After Google’s announcement, there was an initial surge in sites changing from HTTP to HTTPS, but many held back to assess just how important the security protocol was to the search engine and ultimately decided it wasn’t worth the risk. Google only considers HTTPS a minor factor in their ranking algorithm and there has been concern about potential risks when making the switch.

To check up how far along the transition is, Dr. Pete Meyer from Moz compiled data to see just how close is Google is to changing the web over to HTTPS.

Before Google started including HTTPS in its algorithm, Meyer says only around 7% of all pages featured on the first page of Google search results used the more secure protocol. A week after the switch that number had climbed to 8%. Since then, the number has steadily been rising, reaching over 30% this year.

Moz reports that “as of late June, our tracking data shows that 32.5% (almost one-third of page-1 Google results now use the “https:” protocol.”

However, Meyer says he is not convinced everyone that has made the switch was motivated by algorithms and ranking signals. Instead, he believes it is a sign that Google’s PR campaign to make HTTPS more attractive and desirable for sites is working.

Meyer also says that in another 1 to 1.5 years we are likely to see 50% of the sites shown on the first page of search results to use HTTPS, which he predicts will lead Google to strengthen the ranking signal.

Ultimately, many are still hesitant about changing their entire site’s HTML structure to HTTPS and the risks that come along with site-wide changes like this. However, Dr. Meyers says it is wise to keep an eye on how many sites in your industry are using the protocol and to be watchful for any upcoming algorithm updates that may make HTTPS even more prominent in search results.

google-alerts1

Google is continuing its efforts to promote privacy in search by prioritizing indexing HTTPS pages over their HTTP equivalents.

In the announcement, Google explains its long-term aim is to eventually direct users to secure webpages with a private connection. The step to only index HTTPS pages when an HTTP equivalent exists is their most recent move in this process, following the small rankings boost given to HTTPS pages last year.

Unlike the change to Google’s algorithm in August 2014, this move will not have any effect on rankings. Instead, it simply means that Googlebot will only index the HTTPS version of a URL when both an HTTPS and HTTP version exist.

While Google’s commitment to secure search may lead to more rankings boosts for HTTPS pages in the future, this change is mostly to improve the efficiency of Google’s current indexing process. As they explain in their announcement:

“Browsing the web should be a private experience between the user and the website, and must not be subject to eavesdropping, man-in-the-middle attacks, or data modification. This is why we’ve been strongly promoting HTTPS everywhere.”

Much has been made out of the announcement that Google would include switching from HTTP to HTTPS in their ranking algorithm. Despite clearly stating that the factor would be lightweight in the initial announcement, the possibility of a relatively easy rankings boost drove lots of people to make the switch immediately.

In the aftermath studies from analytics groups such as SearchMetrics have suggested that any effect of switching URLs might have is largely unnoticeable. Now, Google’s John Mueller has basically admitted that the signal currently too lightweight to have any noticeable effect but that may change at some point in the future.

At 22 minutes and 21 seconds in a recent video hangout, Mueller explained that HTTPS is a ranking signal but it is only a “very lightweight signal” and there aren’t any plans to change that in the future.

Jennifer Slegg was the first to report Mueller’s statement and transcribed it:

I wouldn’t expect any visible change when you move from http to https, just from that change, just from SEO reasons. That kind of ranking effect is very small and very subtle. It’s not something where you will see a rise in rankings just from going to https

I think that in the long run, it is definitely a good idea, and we might make that factor stronger at some point, maybe years in the future, but at the moment you won’t see any magical SEO advantage from doing that.

That said, anytime you make significant changes in your site, change the site’s URLs, you are definitely going to see some fluctuations in the short term. So you’ll likely see some drop or some changes as we recrawl and reindex everything. In the long run, it will settle down to about the same place, it won’t settle down to some place that’s like a point higher or something like that.

You can see the video below:

google-security-360A few weeks ago, Google announced they would begin favoring sites who switch to HTTPS in search results. At the time of the announcement, most of the SEO community was skeptical at best and few believed the HTTPS ranking factor would have any effect on rankings whatsoever. Well, it has been a couple of weeks and we have the verdict.

The skeptics were absolutely right.

SearchMetrics decided to evaluate whether HTTPS had any discernible effect on search results of any form. According to Marcus Tober of SearchMetrics, there is no data to prove HTTPS has any effect on Google rankings after the launch of the ranking factor.

In a nutshell: No relationships have been discernible to date from the data analyzed by us between HTTPS and rankings nor are there any differences between HTTP and HTTPS. In my opinion therefore, Google has not yet rolled out this ranking factor – and/or this factor only affects such a small section of the index to date that it was not possible to identify it with our data.

Tober shared his data along with his report, and it all matches all the anecdotal evidence available as well. Site owners across the web rushed to update their site to the new favored HTTPS, but there is nary a single story I could find suggesting it had any ranking influence at all.

At the time of the announcement, Google did suggest that switching over could possibly influence rankings, but they also called it a “very lightweight signal” so there’s no need to grab your pitchforks. But, these results may have some lessons for those who were expecting and easy and quick ratings boost with minimal work.

google-security-360In the past, several Google employees have suggested they would like to see site security included as a ranking factor within their search engine. Now, Google has followed through and announced that going HTTPS, or adding a SSL 2048-bit key certificate on your site, can potentially give you a small ranking boost.

Don’t expect to propel yourself to the top of the search results by adding HTTPS, as Google refers to it as “a very lightweight signal” within the larger scheme of things and only affects “fewer than 1% of global queries.” However, it was also implied that the new ranking signal may get beefed up in the future in an attempt to encourage all site owners to increase the security on their sites.

The change should come as little surprise to anyone who heard Matt Cutts, Google’s head of search spam, publicly endorse the idea of making SSL a ranking factor just a few months ago.

Unlike many ranking changes that Google makes, the risk of drawbacks is small. Google has been saying that switching to HTTPS should not have an effect on SEO for years, so long as you take a few steps to guarantee your traffic stays steady. Mostly, such steps relate to communicating to Google so it understands how to read your site.

Google has also said they will be releasing for information and resources for webmasters deciding to adopt HTTPS, but for now all they offer are these tips:

  • Decide the kind of certificate you need: single, multi-domain, or wildcard certificate
  • Use 2048-bit key certificates
  • Use relative URLs for resources that reside on the same secure domain
  • Use protocol relative URLs for all other domains
  • Check out our site move article for more guidelines on how to change your website’s address
  • Don’t block your HTTPS site from crawling using robots.txt
  • Allow indexing of your pages by search engines where possible. Avoid the noindex robots meta tag.