img

Security15 MAY 2018

Try this. Yes, now. Look up at the address bar. Yes, you. Look to the right of the refresh button. You will see a green lock with the word ‘Secure’ (or just a green lock if you’re using Firefox, or a lock in the address bar on Safari). This simple addition makes a world of difference to Google and internet users.

 

The green lock, or ‘Secure’, is only displayed on websites that have SSL certificates behind them (websites and URLs beginning with ‘https’). Not only does an SSL certificate secure your website’s connection, it will also boost your organic search rankings. Eventually (very soon), all websites will need to be marked ‘Secure’ in order to rank.

 

Rewind.

 

Ok… before we go any further, let’s work out what an SSL certificate is, and why it’s important. An SSL certificate secures browser to server communication, allowing information captured by a website (typically via a form) to be transmitted safely from server to browser and browser to server without being tampered with or removed. SSL certificates basically secure credit card transactions, data transfers and logins. Without an SSL certificate, personal information including credit card details, usernames, and passwords can be more easily stolen by hackers.

 

Google’s main focus is keeping consumers safe online so, it’s no surprise they are cracking down on SSL certificates. Information collected through online shopping has made website security a topic of conversation for years (remember when your parents were too scared to shop online?). Today, consumers are sharing their personal information more and more freely, with the expectation that the website they are using is capturing their data securely. I don’t know about you, but I certainly expect my credit card details to be secure when I’m making an online purchase. Or, my passport number when I’m booking an International flight. Online security is a necessity, not a “nice to have”.

 

What has Google done so far?

 

Secure, Not Secure

 

Last year, Chrome started marking HTTP websites with password or credit card fields as “NOT SECURE” in the address bar. This then extended to websites that had forms where users were asked to share any information (including email addresses, phone numbers, and names).

 

Google will mark all HTTP sites as “not secure” and will soon (July 2018) start serving full-page warnings to visitors of websites without a logged certificate.

 

How do I check if my website is affected?

 

  1. Type in your website’s URL in Chrome and check if ‘Secure’ appears to the left of the address bar.
  2. If it does – you’re in the clear. But, maybe not completely. You should probably read the next section.
  3. If it doesn’t, you need to secure your site with HTTPS as soon as possible.

 

Distrust of Symantec certificate authority

Google then announced its plan to disfavour Chrome’s trust in the Symantec certificate authority with an aim to sustain the security and privacy of users when browsing the web.

 

Now, Google has announced that all remaining Symantec SSL/TLS certificates will stop working with the release of Chrome 70 later this year. If your website is using a Symantec SSL/TLS certificate that was issued before 1 June 2016, this means you may need to update your HTTPS certificate to avoid having your site labelled as unsafe and being broken in upcoming versions of major browsers.

 

How do I check if my website is or will be affected?

 

Browser Stable Release What you need to do
Chrome 66

Current version

Chrome Beta users started experiencing the failures as of 15 March 2018.

15 Mar 2018
  1. Use Google Canary to find out if your website is using an SSL/TLS certificate from Symantec that was issued before 1 June 2016.
  2. Action: If your site displays a certificate error or a warning in DevTools, you’ll need to replace your certificate as soon as possible.
Chrome 70

Beta version expected to be released in Sep 2018.

Once it’s released, all remaining Symantec SSL/TLS certificates will stop working.

16 Oct 2018
  1. Check if your certificate will be affected by visiting your site in Chrome and open up DevTools:
    • Load your website
    • Click the 3 vertical dots next to the address bar
    • Go to More Tools
    • Click Developer Tools
    • Look for this Warning in the Console section

google chrome inspect ssl warning

  1. Action: If you see this message in the console, your certificate needs to be replaced as soon as possible. Users will begin seeing certificate errors on your site as early as 20 July 2018.

unsecure website google chrome warning screen

 

What are the benefits of having a secure site?

 

Even if you don’t collect any information on your website, you should definitely take steps to ensure it’s secure. Here’s why:

 

  1. Improved SEO rankings – websites that aren’t secure will get penalised and outranked.
  2. Security – HTTPS protects your website and your users’ information from hackers. Setting up a secure HTTPS site is the minimum precaution you should take.
  3. Updated browser labels – Your website users will feel safe when they see your site marked ‘Secure’, and in turn more confident to use your website.
  4. Increased conversions – Research shows that over 80% of respondents would abandon a purchase on a non-secure site. Customers are much more likely to make a purchase if they know your site is secure. There is also evidence that having a secure site can improve lead generation.

 

Ok so SSL Certificates are important and I don’t have one, so how do I install an SSL Certificate? Well, it depends on how your website was set up and generally we recommend a webmaster to implement an SSL/TLS Certificate as it’s not worth the hassle if not done correctly. That being said if you’re confident in your ability to it yourself here are some great articles on how to install an SSL/TLS Certificate:

 

Install SSL on WordPress

 

Install SSL Certificate cPanel 11

 

Apache SSL Installation Instructions

 

Google has made its position on SSL clear – HTTPS will be the norm, not the exception. So, what are you waiting for? If you’re not sure where to start, we can help. SSL certificates are implemented as part of our SEO campaigns. Just reach out and we’ll work with you to get your site ready for this imminent change.

About the author

Jacob

Authors Page

I am the Organic Search Specialist and Local SEO expert of StudioHawk, a Google Marketing Specialist SEO company. I specialise in helping Professional Services drive the maximum possible organic search engine traffic and sales.

Leave reply

Your email address will not be published. Required fields are marked *