Try this. Yes, now. Look up at the address bar. Yes, you. Look to the right of the refresh button. You will see a green lock with the word ‘Secure’ (or just a green lock if you’re using Firefox, or a lock in the address bar on Safari). This simple addition makes a world of difference to Google and internet users.
The green lock, or ‘Secure’, is only displayed on websites that have SSL certificates behind them (websites and URLs beginning with ‘https’). Not only does an SSL certificate secure your website’s connection, it will also boost your organic search rankings. Eventually (very soon), all websites will need to be marked ‘Secure’ in order to rank.
Ok… before we go any further, let’s work out what an SSL certificate is, and why it’s important. An SSL certificate secures browser to server communication, allowing information captured by a website (typically via a form) to be transmitted safely from server to browser and browser to server without being tampered with or removed. SSL certificates basically secure credit card transactions, data transfers and logins. Without an SSL certificate, personal information including credit card details, usernames, and passwords can be more easily stolen by hackers.
Google’s main focus is keeping consumers safe online – so, it’s no surprise they are cracking down on SSL certificates. Information collected through online shopping has made website security a topic of conversation for years (remember when your parents were too scared to shop online?). Today, consumers are sharing their personal information more and more freely, with the expectation that the website they are using is capturing their data securely. I don’t know about you, but I certainly expect my credit card details to be secure when I’m making an online purchase. Or, my passport number when I’m booking an International flight. Online security is a necessity, not a “nice to have”.
What has Google done so far?
Secure, Not Secure
Last year, Chrome started marking HTTP websites with password or credit card fields as “NOT SECURE” in the address bar. This then extended to websites that had forms where users were asked to share any information (including email addresses, phone numbers, and names).
Google will mark all HTTP sites as “not secure” and will soon (July 2018) start serving full-page warnings to visitors of websites without a logged certificate.
How do I check if my website is affected?
- Type in your website’s URL in Chrome and check if ‘Secure’ appears to the left of the address bar.
- If it does – you’re in the clear. But, maybe not completely. You should probably read the next section.
- If it doesn’t, you need to secure your site with HTTPS as soon as possible.
Distrust of Symantec certificate authority
Google then announced its plan to disfavour Chrome’s trust in the Symantec certificate authority with an aim to sustain the security and privacy of users when browsing the web.
Now, Google has announced that all remaining Symantec SSL/TLS certificates will stop working with the release of Chrome 70 later this year. If your website is using a Symantec SSL/TLS certificate that was issued before 1 June 2016, this means you may need to update your HTTPS certificate to avoid having your site labelled as unsafe and being broken in upcoming versions of major browsers.
How do I check if my website is or will be affected?
|Browser||Stable Release||What you need to do|
Chrome Beta users started experiencing the failures as of 15 March 2018.
|15 Mar 2018|
Beta version expected to be released in Sep 2018.
Once it’s released, all remaining Symantec SSL/TLS certificates will stop working.
|16 Oct 2018||
What are the benefits of having a secure site?
Even if you don’t collect any information on your website, you should definitely take steps to ensure it’s secure. Here’s why:
- Improved SEO rankings – websites that aren’t secure will get penalised and outranked.
- Security – HTTPS protects your website and your users’ information from hackers. Setting up a secure HTTPS site is the minimum precaution you should take.
- Updated browser labels – Your website users will feel safe when they see your site marked ‘Secure’, and in turn more confident to use your website.
- Increased conversions – Research shows that over 80% of respondents would abandon a purchase on a non-secure site. Customers are much more likely to make a purchase if they know your site is secure. There is also evidence that having a secure site can improve lead generation.
Ok so SSL Certificates are important and I don’t have one, so how do I install an SSL Certificate? Well, it depends on how your website was set up and generally we recommend a webmaster to implement an SSL/TLS Certificate as it’s not worth the hassle if not done correctly. That being said if you’re confident in your ability to it yourself here are some great articles on how to install an SSL/TLS Certificate:
Google has made its position on SSL clear – HTTPS will be the norm, not the exception. So, what are you waiting for? If you’re not sure where to start, we can help. SSL certificates are implemented as part of our SEO campaigns. Just reach out and we’ll work with you to get your site ready for this imminent change.