14 June 2018
For the past few years Google has been placing websites that use encrypted HTTPS above the less secure HTTP in its search results.
We all know that we should look for HTTPS when we are, for example, buying or transacting online by looking for https in the address bar of your browser (e.g. https://www.example.co.uk). We may be less concerned, and probably comfortable, with http://example.co.uk when we are just looking at brochure websites.
For this reason, Google’s stance may not have had every business running around to swap to more secure HTTPS especially if they didn’t operate transactional websites. However, the change that’s coming this July will likely see a bigger impact.
When the new version of Chrome is released this month, visitors to sites that are only using HTTP will see a message that states ‘Not Secure’ in their browser.
Clearly this isn’t ideal for any business. No company wants visitors and potential buyers to be told that their site isn’t secure before they’ve even had a chance to browse, never mind make a purchase. And this will happen even if the checkout process is completely secure but the rest of the site doesn’t use HTTPS. Equally so, no business wants visitors turned away from their simple brochure website because they’ve seen a ‘Not Secure’ message.
Coming from Google, such a trusted search engine, buyers are likely to take this warning very seriously, and could potentially disappear off to your competitors never to be seen again if they have HTTPS on their site and you don’t, so this piece of news is definitely worth paying attention to.
Google want you to know that there are too many hackers, fakes and spammers out there for customers to take a risk on a site that’s clearly marked as unsecure, when there are plenty of alternative sites available that use HTTPS.
They want to ensure that web users understand that not every HTTP site is secure, and to basically move the whole web across to HTTPS.
You need to arrange an SSL certificate with your hosting provider for each site you own and then set up 301 redirects from the old HTTP to the new HTTPS so that links still work and all the search engines know your site addresses have changed over. The redirects will also update people’s bookmarks to reflect the change.
If that sounds complicated don’t worry. Your web developer or IT department will be able to help you and Google has a free tool called Lighthouse to help find the areas of your website that still need to be changed to HTTPS.
Whatever you do, don’t take the risk and stick with HTTP. You can’t afford to be branded ‘Not Secure’ as the first thing people see when they visit your website.
If you need help or advice then get in touch with OwlTree. We will be happy to help.