Google’s secure web (and how it affects you).

It was back in 2016 that Google announced plans of “moving towards a more secure web,”  but it seems much of the internet still hasn’t caught up with this yet and many businesses don’t quite get how important this announcement was.

So we’re going to give you a roundup of what Google have planned. In this blog post we’ll cover:

  1. What Google’s plans are for a secure web.
  2. Why their plans are flippin’ awesome.
  3. How their plans affect search rankings.
  4. What affect the changes will have on your business.
  5. When the changes will affect you.
  6. What you should do.

Let’s get to it.

What Google’s plans are for a secure web.

There are 2 main prefixes to every website URL: HTTP and HTTPS. Put simply, HTTPS is the secure version and this is what Google is focusing on.

In January 2017, through Google Chrome, they began marking pages that collect passwords or credit cards as ‘Not Secure’, as a way of letting you know that your very private details are not being passed over a secure connection.

This makes perfect sense, right? Nobody wants to checkout on a page that might lead to their details being stolen!

It looks like this…

Example of a non-secure site on Google

Ever heard of SSL? (We wrote another handy blog post about it that you can read here.) SSL, EV SSL, Wildcard SSL; there are some variations of the SSL site encryption, but they all do the same essential thing; prove the security of your website and encrypt any data that’s passed between the user and the server.

Google have since released another set of changes from October 2017 so that Chrome will show the ‘Not Secure’ warning in two additional situations: “when users enter data on an HTTP page, and on all HTTP pages visited in Incognito mode.”

So now any web pages with forms, such as a contact form or application form, will be marked with the red, severe-looking ‘Not Secure’ message if there is no SSL certificate active on that site (or that page).

Next, they’ll go all the way. Soon enough Chrome will mark all HTTP pages as ‘Not Secure’.

This makes SSL more than standard practice, it makes them a necessity.

Why their plans are flippin’ awesome.

You’ve got to know that as much as there’s an initial hurdle (and only a small one), this is a really good change.

As the world is turning to digital for everything imaginable, we need to protect our identities online.

Look at it this way… HTTPS offers an encrypted connection, so when you’re signing up to a website and you’re sharing your personal information, who wouldn’t want that to be protected? Your name, email address, date of birth, telephone number; you certainly wouldn’t want any of these stolen. But imagine you’re enquiring about medical services, applying for finance, buying a personalised product – all of these examples would give hackers so much opportunity to steal and use your data if the connection you’ve used isn’t secure.

Google are forcing a new standard of security for the web and this is great. It’s flippin’ awesome!

How their plans affect search rankings.

At the time of writing this, Google are making use of over 200 ranking factors. They use the combination of factors to decide how well a website should rank for different search terms. Some of these factors are more important than others and the use of an SSL is a factor that’s growing in strength.

At first Google effectively said “it doesn’t matter” and that the use of an SSL will have no effect on rankings, then researchers proved this to be untrue and Google eventually said something like, “yeah it does matter, it’s just not an important factor.” You can see where this is going, right?

Since Google, through their Chrome browser, are the ones pushing this secure standard across the world, it’s obvious that they’re phasing in the presence of an SSL certificate as a ranking factor. Eventually it will be essential, absolutely essential.

When, soon, every website using HTTP will read ‘Not Secure’ you can bet that Google will also say ‘Not Ranking’ and wave goodbye to your website in the search results.

What affect the changes will have on your business.

It’s probably getting a bit obvious by now, but here are our thoughts on what it will mean for your business to not have SSL:

You’ll look pretty bad to customers.

Just picture that ‘Not Secure’ warning with the red triangle, sitting at the top of the page whilst customers browse your website. It doesn’t look great does it? Alternatively, seeing the green ‘Secure’ message with the safety padlock sends a whole different message to your audience. These security updates will fill your audience with confidence. And even though Chrome hasn’t been around for long, it accounts for 58.4 percent of the market as of December 2016, which is a lot of the internet!

Your site could drop in rankings.

As we’ve mentioned, it’s entirely possible that over time you will see a drop in your position in search rankings on Google. Eventually this is going to lose you traction and potential customers. If your business relies on organic traffic from search for even a portion of your income, this could have a major difference to your income and reputation.

Customer data could actually be stolen.

Not sure if it’s been said yet… HTTPS provides a secure, encrypted connection. Yeah, we’ve definitely said it, just making sure you heard us. 😉 It goes without saying that if you have a secure connection to your customers, then their data is a whole lot less likely to be stolen and you’re a whole lot less likely to get in trouble for it.

When the changes will affect you.

Right now!

It’s already started. It started back in 2016, it’s already making a difference, our internet is a safer place already.

Google are being fair, for now – the changes won’t have an immediate effect. If you’re serious about putting your business in the best position to succeed digitally then HTTPS is a must. Heck, ignore that last sentence, it’s a must for anyone running a website.

If you don’t have an SSL certificate then you may have already started to experience the effects of this, especially if you’re an e-commerce business or make use of contact forms or applications.

If it so happens that you don’t feel like doing it straight away, you’ll be able to get away with it for a while, but it won’t be long and you’ll be forced to do something about it. You may as well get ahead of the game and reap the benefits of SSL straight away.

What you should do.

Quite simply, contact your web agency or hosting company and ask them to install an SSL certificate to your site. It takes a little bit of setup and when done correctly will cover all of your web pages to use the HTTPS encrypted connection.

There are different types of SSL certificate and different ways of applying them, some are free, some carry a yearly cost. Just be sure that you have something in place, even if it’s a free certificate to begin with.

And of course, if your website is based in WordPress, we can help apply one to your website, just give us a shout.

If you’re looking for a bit more security based reading…

Ransomware is hitting WordPress – cover your a***.

Our top tips for WordPress Security.

If you’d like to find out more about what we do…

Illustrate Digital – WordPress Specialist Agency.

Scott is the Managing Director at Illustrate. His main focus is to cast vision and concentrate on our future growth, as well as looking after our customers and generally managing our effectiveness and value as a web design agency. He's also great at presenting new ideas and being picky about the design of everything we do. He performs best in building relationships with other people and in his spare time rides a Honda VTR motorbike, is a huge Cardiff Devils fan and loves spending time volunteering at Freedom Church in Cardiff.