Google Penalises Sites Without HTTPS
Chrome Now Warns Users About Unsecure Websites. Should You Be Concerned?
ABSOLUTELY, keeping personal and financial information safe and secure when browsing the internet is something we all value highly.
Encryption is an effective way that website publishers and businesses with an online presence or ecommerce portal ensure user data is safe, through encoding data in a way that only authorised parties can access it. This helps protect valuable user information from data breaches through hacking, phishing and other methods, which can lead to identity theft. HTTPS encryption protects the channel between your browser and the website you’re visiting, ensuring no one in the middle can tamper with the traffic or spy on what you’re doing. Without that encryption, someone with access to your router or ISP could intercept information sent to websites or inject malware into otherwise legitimate pages.
Google is working to ensuring this information is protected by using its clout to pressure companies into encrypting their websites with the HTTPS protocol by warning users about unencrypted sites. Since July Google Chrome has marked all HTTP sites as “not secure,” according to a blog post published by Chrome security product manager Emily Schechter. Chrome currently displays a neutral information icon, but starting with version 68, the browser will warn users with an extra notification in the address bar. Chrome currently marks HTTPS-encrypted sites with a green lock icon and “Secure” sign.
Google has been nudging users away from unencrypted sites for years, but this is the most forceful nudge yet. Google Chrome now prominently displays “NOT SECURE” warning messages to visitors when they land on websites with unencrypted webpages.
Look at the URL in the address bar in the LinkedIn image example. It begins with “https” which tells you something important. Any communication you have with this webpage is secure because it’s encrypted.
Google is pushing back against webpages with URLs that begin with “http” – no “s” – because they don’t encrypt communication between the user and the website. This means that communication may not be secure and the user’s interactions with the website can be hacked by a third party.
Recently, we wrote an article discussing how HTTPS/SSL Sites Boosts Ranks On Google. What we are seeing happening now is that Google is moving from a reward system to a punitive one.
Websites using SSL have continued to get an SEO boost since it became a confirmed ranking signal back in August 2014. It had been noticed a few months ago by multiple sources that Google was blacklisting non-HTTPS websites that allowed password fields and credit card forms to be filled.
The “NOT SECURE” warnings are part of Chrome 62, released in October 2017. With Chrome usage making up 57% of all internet browsers used, it is imperative for businesses to make the switch immediately. With eighty-one of the top 100 sites on the web default to HTTPS, and a strong majority of Chrome traffic is already encrypted. https://www.w3counter.com/globalstats.php
Many online users, as we know, may not notice the “NOT SECURE” warnings.
It is all up to site and business owners to protect their users from unknowingly sending sensitive information to their servers, with Google is taking on the role of policing this.
We’ve seen Google ramp this up continuously and we don’t expect any change in pace.
How can I determine if my site is affected?
There are a few questions you only need ask yourself:
- Does your site take any text input?
This includes contact forms, shopping details, search bars, login panels, etc.
- Is your website using HTTP:// in the address bar?
If you answered “yes” to both of those questions, you need to implement SSL to avoid showing a “NOT SECURE” warning in visitors’ browsers. You should also be forcing HTTPS on your site to avoid having users accidentally access the non-encrypted version of your site.
In a nutshell
It’s time for all website owners, hosts, agencies, and service providers to make the jump or educate their clients. There is increasing evidence that the longer you wait, the more risk you have of becoming blacklisted or labelled as “NOT SECURE”.
In July 2017, at MozCon (a prominent event for SEO), a talk about the top tips for SEO in 2017 was given.
At the top of the speaker’s list was a recommendation to implement SSL. Moz reported 50% of page one search results are HTTPS, based on the trend of sites switching to HTTPS and what is ranking in Google. Moz went onto say that we may see 70% of the page one results going to HTTPS by the end of 2017. The benefits and risks are becoming hard to ignore. https://searchengineland.com/moz-report-50-page-one-search-results-are-https-273659
From our perspective, this increased focus on SSL is a good thing for website owners. Hopefully, this leads to more interest in website security in general because unfortunately, even with SSL, websites are still at risk of being hacked and controlled by attackers.
One important thing to note here is that SSL does not mean the website is secure. While HTTPS keeps the visitor’s personal information secure in transit, SSL doesn’t provide any protection for the website against hacking.
Original Post from Google – https://blog.chromium.org/2017/04/next-steps-toward-more-connection.html