For many years, the use of an SSL certificate was the exclusive domain of, well, domains that needed to sell online. If your website took credit and debit card details of customers you would have an SSL certificate to give your checkout pages the https protocol. That was the ‘secure’ protocol represented by the padlock icon in your browser.
If your website didn’t take payments from visitors, you didn’t need an SSL certificate. In truth, with many retail websites using third party payment systems such as PayPal or SagePay, even those websites didn’t strictly need an SSL certificate because customers weren’t adding payment details to the websites themselves, they were adding their payment details directly into the payment provider websites.
Of course it always helped to have one anyway as it bolstered customer confidence. They liked to see the padlock, it gave them a sense of security.
This year, however, Google has really been stepping up its war on spam and one of the ways it plans on combating the sort of websites that may not be of sufficient quality is to look favourably on websites that use https, and to look down on those that don’t.
But what does this mean, in real terms?
At SAScon last month, almost every talk around ‘SEO’ talked about the importance of a website’s speed and about https. It’s widely accepted now within the SEO community that a website should be https as standard, as the website’s Google rankings could be affected if it’s not. Google has gone a stage further than just implying that rankings could be affected, however, and has issued warnings to site owners that their websites will trigger warnings in Google’s own browser, Chrome, if they have forms on pages that are not https.
Google has warned site owners with the following message:
“Starting October 2017, Chrome (version 62) will show a “NOT SECURE” warning when users enter text in a form on an HTTP page, and for all HTTP pages in Incognito mode.
The following URLs on your site include text input fields (such as < input type=”text” > or < input type=”email” >) that will trigger the new Chrome warning. Review these examples to see where these warnings will appear, so that you can take action to help protect users’ data. This list is not exhaustive.
The new warning is part of a long term plan to mark all pages served over HTTP as “not secure”.
Here’s how to fix this problem:
Migrate to HTTPS
To prevent the “Not Secure” notification from appearing when Chrome users visit your site, only collect user input data on pages served using HTTPS.”
If this sounds a bit confusing, it’s because it is. Google goes into more detail on https here.
This means that, in order to not suffer in Google’s rankings and to avoid the warning message in Google Chrome, your website will need to have an SSL certificate installed by October of this year. Simply adding an SSL certificate isn’t that easy, however, as you also need to make sure your website’s pages are correctly redirected from the http versions to the https versions otherwise you could lose a lot of rankings while Google reindexes your website.
Furthermore, you need to make sure your https pages are not including content from external websites using the http protocol, as that will invalidate the certificate on that page.
There is a lot to consider when adding an SSL certificate to a website, and it’s something Engage Web is recommending to all of our hosting and online marketing clients. If you’re worried about your rankings in Google as a result of not having an SSL certificate, or about the warnings your website may receive in Google Chrome, contact Engage Web today for a friendly chat.