Google has made an announcement about upcoming changes to security warnings in Chrome. Users of Google Search Console received emails announcing the change and warning about what types of pages may be affected.
Beginning in September 2016, Google Chrome started to mark non-secure pages containing password and credit card input fields as ‘Not Secure’ in the URL bar. In an effort to work towards a more secure web, starting October 2017, Chrome (version 62) will show a “NOT SECURE” warning when users enter text in any type of form on an HTTP page, and for all HTTP pages in Incognito mode. The new warning is part of a long-term plan to mark all pages served over HTTP as “not secure”.
Security improvements are being implemented by browsers other than Chrome too. Most modern browsers display a green lock as a visual indicator of a secure connection to help easily distinguish if information is okay to share on a site. Starting in Firefox version 52, you will also see a warning message when you click inside the login box to enter a username or password on a non-secure page. Some anti-virus software will also show a check or a green highlight of the URL bar when a page is secure.
So what do all these warnings mean for you and your website?
To begin with, security really is important. The protocol over which data is sent between your browser and the website that you are connected to is Hyper Text Transfer Protocol (HTTP). HTTPS is the secure version, as the ‘S’ at the end stands for ‘Secure.’ It means communications between your browser and the website are encrypted. When you load a website over HTTP with no encryption, someone else on the network can modify or look at the site before it even gets to you.
HTTPS is served to your site via a certificate, either SSL (Secure Sockets Layer) or TLS (Transport Layer Security), that verifies your site’s identity and establishes a uniquely secure connection between you and the website.
Security affects search rank
Rank higher in Google by having a secure site. Google’s search ranking algorithms are now taking into account whether or not a site is using secure and encrypted connections.
Security can impact how your visitors perceive your business. Users expect that their information will be kept secure when visiting your site. This is especially applicable for industries such as healthcare, government and education. If viewers see a security flag—even if you feel there is no need for extra security measures, for example with just displaying static content—they may feel uneasy about using your web site.
How can you make your site secure?
To determine if your site will be affected by this change, try typing in “https//” before your URL and see if you get an error. If you do it means you do not have a security certificate and your site is not HTTPS. To get HTTPS you will need a dedicated IP address and to buy a certificate. Then activate and install it. You can buy a certificate from a number of sources online, or even easier, most website hosts also have the ability to buy and add the certificate for you.
Is your site ready for this upcoming change? If not reach out; we’d love to help.