This fall, Google Chrome announced that it will slap all HTTP pages that have text input fields with a “NOT SECURE” warning when users land on your site.
These input fields can be anything from contact forms to search bars. This red warning will also show up on any HTTP websites viewed in Incognito mode.
Google Chrome prefers sites that are trusted and certified — specifically, HTTPS sites over HTTP sites. And this new security label will affect more than half the sites on the web, according to Wired—there’s a 50% chance your website isn’t secure.
Not sure whether you have an HTTP or HTTPS site? Look up at the URL bar — it will either read http or https at the beginning of your URL.
If you’ve got an HTTP site, this new change could lead to bad news for both user interaction on your site and your overall SEO strategy — including your search rankings in Google.
Why is your HTTP site suddenly being given the side-eye by Google?
Google wants to make sure any information submitted through a form on your website is protected from spammers and hackers. HTTPS sites are more secure at storing and sending sensitive user information than HTTP sites.
Google's Chrome browser already educates users about the security of a site, but up until now its attempts have been more subdued.
Here's how Chrome currently differentiates between an HTTP and an HTTPS site:
Once Google’s new security labelling is implemented, your HTTP site will show up like this:
Image via googleblog.com.
Users are becoming more sensitive to offering up information on sites that aren’t deemed secure by major search engines like Google. According to a European survey from GlobalSign, 77% of websites visitors are concerned about their data being intercepted or misused online.
By essentially forcing site owners to switch over to HTTPS, Google is attempting to keep more user information out of the hands of hackers and spammers.
Currently, half of all page 1 Google search results are HTTPS sites. This is up from less than 30% in 2016.
And based on the pressure from Google Chrome, the trend of rising HTTPS sites will continue.
HTTP vs. HTTPS - What’s the difference?
HTTP stands for a website that uses HyperText Transfer Protocol when users submit information, while HTTPS stands for a website that uses HyperText Transfer Protocol Secure.
With HTTPS sites, the client (your browser) and the site essentially use a "secret code" for all communications. This process is known as encryption and results in scrambled messages that can’t be read by hackers.
What happens if I keep my HTTP site?
If you don’t change your site from an HTTP to an HTTPS, you could see two major issues with your HTTP site: loss in Google search ranking, and higher user bounce rates.
Your users' trust and engagement is dependent on knowing your site is secure, and that their info will be protected.
Any users who see “NOT SECURE” when landing on a site or page will probably feel less-than-eager to offer up their information. Not only that, but HTTP sites also load significantly slower. Hesitation and slow load times can make a big dent in your conversion rate and bounce users off your site at a much higher rate.
Not to mention the hit your site can take in Google search rankings for not being secure.
Even back in 2014, Google representatives said they would start giving preference to HTTPS sites, giving these sites stronger ranking power in the algorithm. But now, Google is going to start penalizing sites that aren't HTTPS.
With less traffic being driven to your site and slower loading speeds, this lapse in visibility and usability can mean a big loss in qualified leads and happy users in 2018.
What can I do?
The solution is simple: If your website has an SSL certificate, Google won’t show the “warning” message when users visit your site.
An SSL certificate is a data file that digitally binds a cryptographic key to all your form submissions. This provides a secure connection from all form submissions to your email. This is also what converts your HTTP site into an HTTPS site.
By adding an SSL certificate and showing the green padlock next to your URL, your site benefits from the credibility of “SSL trust.”
An SSL certificate will also help protect your clients’ information from being compromised when they submit information through a form on your website.
The biggest mistakes you can make when moving to HTTPS:
Although you will need an SSL certificate to make your site more secure, it's not a simple switch—there are ways for this process to go awry.
An SSL certificate changes the URLs of your site pages, requiring redirects to reconcile the difference and send users to the right place.
A botched redirect job can lead to negative consequences for your site.
Beware of the following common mistakes that could set your site back even further if you attempt an incorrect SSL certificate implementation:
- Only implementing a domain level redirect from HTTP to HTTPS on your homepage
- Having HTTP resources on your new HTTPS site (which will lead to mixed content)
- Leaving an HTTP version of your site live and not properly redirecting to your new site (which will lead to duplicate content)
- Getting the wrong certificate for your site — there are different options for regular domains vs. subdomains, plus other factors that need consideration
- Not re-submitting your sitemap via Google Search Console to index the HTTPS version
If your redirects aren’t done right, you could do more harm than good when it comes to your site’s visibility on Google.
Plus, you’ll need to take additional post-redirect steps to ensure the full indexing of your new HTTPS URLs.
Let the experts handle the move
Once your SSL certificate has been implemented, it’ll take a little time for Google to fully re-index your website.
But a thorough SEO strategy can help you get the show on the road and make sure your site is in order and gets re-crawled asap.
BKMedia Group can handle the technical details of your HTTP to HTTPS migration so you can focus on what you do best. Contact us today to get your site back in good graces with Google and win user trust >