Many website owners have recently received a message in their Google Search Console warning that from October 2017, chrome will start to alert users visiting non-HTTPS sites that the web-page they are viewing is ‘Not Secure’.
This latest announcement shouldn’t come as a shock, as Google has time and time again promoted its mission to protect users’ security online and therefore its preference for HTTPS. In August 2014, Google first announced HTTPS would be used as a minor ranking signal and again in 2015 Google stated that by default it would index the HTTPS version of a page instead the HTTP version, if both exist.
In January 2017, Chrome took the first steps to make users more aware of the difference between HTTP and HTTPS sites, announcing a new measure to mark all HTTP pages that collect credit card information or passwords as ‘Non Secure’. You may have already noticed this warning in your browser, when visiting such a site. See the ‘Not Secure’ warning in the image below for example.
Most recently, chrome announced that from October 2017, the ‘Not Secure’ message will be implemented on more HTTP pages, mainly in two new cases:
- Pages with fields for data entry, allowing a user to enter any type of information
- Any non-HTTPS page viewed in incognito mode will also see the message, as demonstrated in the image below.
This latest update may scare most website owners into moving their site to HTTPS, however in some cases it still may not be crucial to make this move. But before we get into the hows and whys, it’s important to understand exactly what HTTPS is.
Update 11th February 2018: Google announced on the 8th of February that from July 2018, Chrome will mark all HTTP sites as not secure. Read on to find out how to prepare and move your website to HTTPS.
What is HTTPS?
HTTPS- which stands for Hypertext Transfer Protocol Secure- is an internet communication protocol that protects data shared between a user’s computer and a website’s server. More simply put, users who enter data on an HTTPS page can trust that their data is encrypted in such a way that essentially removes the risk of their information being compromised or hacked by a 3rd party. (HTTPS can also be broken, but it is immensely harder for an attacker).
User data submitted through an HTTPS page is secured with three levels of protection:
- Encryption: the user’s data is encrypted to protect it from being accessed by anyone/thing other than your secured website. The encryption can only be ‘unlocked’ by the website with which the user communicates.
- Data Integrity: the data can not be corrupted or modified- if such an attempt is made, it will be detected.
- Authentication: man-in-the-middle-attacks and ‘eavesdropping’ are prevented, meaning users can not be tricked into thinking they are sharing their data with your site whilst it’s actually being shared with a 3rd-party scammer.
Are There Risks Involved With Shifting to HTTPS?
As is common with any site move (such as a domain name change for example), you can expect a short-term change in traffic and rankings. Having said this, Google has stated that the HTTPS protocol is a ranking factor, implying that moving your website to HTTPS can actually give it a small rankings boost. And as it is Google that strongly recommends the move to HTTPS, the recovery time in terms of organic rankings and traffic should be minimal, provided the move is planned and actioned carefully (see our tips below).
Should I Move My Website to HTTPS?
Whilst all of these announcements might have you calling your developer on speed dial, you should first consider if your entire website really needs to be moved to HTTPS. We have created 3 categories of websites to analyze the need for HTTPS:
|Type of Website||Move to HTTPS?||Action|
|Collects sensitive information such as passwords or credit card details.||Yes, urgently||Websites of this nature should have already been moved to HTTPS, or at least move the pages that collect the sensitive information.|
|Collects ‘less’ sensitive information, such as leads, newsletter sign ups, reviews, comments and more.||Yes||If the information is collected on the majority of pages on the site, move the whole site to HTTPS. If there are a small number of pages that require users to input data, you may consider moving just these pages to HTTPS.|
|Does not collect user data, such as a blog or informational website.||Not urgent||HTTPS is not crucial if there are no fields for data entry on your site. Note that the ‘Not Secure’ warning will appear on any page you collect user data, so consider the need for HTTPS if you plan on collecting user data in the future.|
Tips for Moving a Site to HTTPS
If you do decide to move your website to HTTPS, we recommend planning the move with the following tips in mind:
- Start by moving only a portion of your site: by moving sections of the site one-by-one you can measure the effects on traffic and rankings before making the big move. Once you have moved the first portion successfully, you can move the rest of the site in one go. Note the more pages that are moved at once, the more likely you are to encounter hiccups. So careful planning is crucial.
- Implement the move during a low-traffic period: whether it be low season or just the quietest day of the week, moving your site during times of low traffic enables you to reduce the impact of any negative effects from the move.
Have patience when it comes to rankings and traffic: Google states that it will take a few weeks for medium-sized websites to be completely re-indexed, whilst larger sites will take longer. Submitting a sitemap via the search console can help speed up the process.