Many website owners have recently received a message in their Google Search Console warning that from October 2017, chrome will start to alert users visiting non-HTTPS sites that the web-page they are viewing is ‘Not Secure’.
This latest announcement shouldn’t come as a shock, as Google has time and time again promoted its mission to protect users’ security online and therefore its preference for HTTPS. In August 2014, Google first announced HTTPS would be used as a minor ranking signal and again in 2015 Google stated that by default it would index the HTTPS version of a page instead the HTTP version, if both exist.
In January 2017, Chrome took the first steps to make users more aware of the difference between HTTP and HTTPS sites, announcing a new measure to mark all HTTP pages that collect credit card information or passwords as ‘Non Secure’. You may have already noticed this warning in your browser, when visiting such a site. See the ‘Not Secure’ warning in the image below for example.
Most recently, chrome announced that from October this year, the ‘Not Secure’ message will be implemented on more HTTP pages, mainly in two new cases:
This latest update may scare most website owners into moving their site to HTTPS, however in some cases it still may not be crucial to make this move. But before we get into the hows and whys, it’s important to understand exactly what HTTPS is.
HTTPS- which stands for Hypertext Transfer Protocol Secure- is an internet communication protocol that protects data shared between a user’s computer and a website’s server. More simply put, users who enter data on an HTTPS page can trust that their data is encrypted in such a way that essentially removes the risk of their information being compromised or hacked by a 3rd party. (HTTPS can also be broken, but it is immensely harder for an attacker).
User data submitted through an HTTPS page is secured with three levels of protection:
As is common with any site move (such as a domain name change for example), you can expect a short-term change in traffic and rankings. Having said this, Google has stated that the HTTPS protocol is a ranking factor, implying that moving your website to HTTPS can actually give it a small rankings boost. And as it is Google that strongly recommends the move to HTTPS, the recovery time in terms of organic rankings and traffic should be minimal, provided the move is planned and actioned carefully (see our tips below).
Whilst all of these announcements might have you calling your developer on speed dial, you should first consider if your entire website really needs to be moved to HTTPS. We have created 3 categories of websites to analyze the need for HTTPS:
|Type of Website||Move to HTTPS?||Action|
|Collects sensitive information such as passwords or credit card details.||Yes, urgently||Websites of this nature should have already been moved to HTTPS, or at least move the pages that collect the sensitive information.|
|Collects ‘less’ sensitive information, such as leads, newsletter sign ups, reviews, comments and more.||Yes||If the information is collected on the majority of pages on the site, move the whole site to HTTPS. If there are a small number of pages that require users to input data, you may consider moving just these pages to HTTPS.|
|Does not collect user data, such as a blog or informational website.||Not urgent||HTTPS is not crucial if there are no fields for data entry on your site. Note that the ‘Not Secure’ warning will appear on any page you collect user data, so consider the need for HTTPS if you plan on collecting user data in the future.|
If you do decide to move your website to HTTPS, we recommend planning the move with the following tips in mind:
Have patience when it comes to rankings and traffic: Google states that it will take a few weeks for medium-sized websites to be completely re-indexed, whilst larger sites will take longer. Submitting a sitemap via the search console can help speed up the process.
Convinced it is time to move your website to HTTPS? Speak to us to find out more information.