Google Sets July Deadline for HTTPS
We are right around the corner from Google implementing a major change on what websites people visit. In July, if your website doesn’t have a security certificate—AKA HTTPS—you can expect to see your traffic drop like a brick.
The search giant is pushing for a more secure Internet, and part of that initiative is “warning” weary website visitors that the site they’re visiting is NOT SECURE. Google is taking it to the next level with their next release of the Chrome browser 68 (the most used Internet browser worldwide).
Google will now start showing “warnings of an insecure website” on their Chrome browser if your site doesn’t have a security certificate.
I Want My Site Secure and Blazing Fast
Although a warning currently shows in Chrome, it will be much more offensive in the future. Their intent is to strongly deter users from viewing “nonsecure” websites.
Is Your Website Secure?
It’s easy to see if your website is secure. Look to the top left of your browser in the address bar. You’ll either see “Secure” on “Unsecured” accompanied by a padlock which would be open or closed. This warning will be much scarier starting July of 2018.
What is HTTPS?
HTTP stands for Hypertext, Transfer, Protocol. When you add the “s” at the end, you get the secured version. Our goal here is not to be a technical white paper on adding a security certificate to your website. Our goal is to clear up some confusion on the impending deadline and bring awareness to any website owner that wants to continue to see traffic past July of 2018. DEAN Knows is also offering a quick and easy way to add HTTPS to your website and increase it’s speed for one low price.
What we will be covering is:
- What Is Google Doing?
- Will this Warning Scare my Site Visitors?
- Should I Install a Security Certificate to Avoid Google’s “Not Secure” Warning?
- What are My Options for Moving to HTTPS
- How Much Will it Cost to Make my Website Secure?
The Explicit Warning Starts in July 2018
Google has announced that starting in July of 2018 the Chrome Browser will start explicitly pointing out websites that are not secure (contain https encryption). Google has been preparing the web community for quite some time now and the deadline is right around the corner.
With Google Chrome making up almost 45% of all web browsers accessing the internet, a nasty security warning can scare people away from your site. Although there is a small warning now, the new explicit warning will be MUCH more ominous.
Making Your Website Secure to Avoid the Warning Message
To have your website not display the warning message to all of your users, you will need to purchase a security certificate ($39-$279) and install the certificate on your hosting and configure the site to display on https. All SSL certificates will also need to be renewed every year or two.
It’s important to remember, that just because you PAID for your security certificate (usually by automatic renewal) you, or your web developer, will need to update the certificate on the server upon renewing. This is a common issue when SSL certs expire. People see the receipt for the certificate – then the site is all but dead. What happens if you don’t update the SSL on the server – all users that visit your site will see this error.
Yes…they do have FREE SSL certificates – but they may have some technical limitations and usually MUST be manually renewed every 90 days (or less) or your site goes down!
We don’t recommend free SSL Certificates, not because they won’t work… they will…but because of the constant expiring/renewing. If you are not on-top of renewing your certificate, your site will appear to go down every time the certificate renews.
Real Estate Websites
It is worth mentioning that if you have a real estate website with IDX (Internet Data Exchange) you may have some challenges implementing an SSL sitewide. It depends on the manner in which your site is displaying the IDX data. For some IDX implementations, such as IDX Broker, you will have to check a box on the backend of their platform so you don’t receive mixed content errors. With SEO for real estate being so competitive, errors from improperly implementing an SSL certificate can be much more detrimental that not attempting to go secure at all.
Options for Making Your Website Secure
If you are handy messing around with your hosting account, you can purchase the SSL certificate (usually from your hosting company) and watch some YouTube videos on getting everything set up.
Once you have installed the security certificate, you will then need to create a series of 301 redirects from the NON secure domain to the Secure Site (from HTTP:// to the HTTPS://).
Once you have all of your 301 redirects in place, you will want to check for “mixed content errors”. These are pieces of code that refer to something on the web that is NOT secure. For your website to be FULLY SECURE — Every Page (and every URL used) must be on HTTPS. This is the part of converting your site to https that can be brutal. Upon reviewing any/all errors, every “mixed content” error MUST be corrected for the site to be considered secure.
Hire a Professional to Make Your Site Secure
If you are not comfortable on a web server, and you have a website that has traffic, we strongly recommend hiring a professional to make your site secure. Installing an SSL Certificate requires multiple steps, all of which need to be completed perfectly to work correctly.
DEAN Knows has a solution that will make your site secure AND blazing fast.
Since we are an SEO company, we are combining two of 2018’s Google ranking factors (website speed and https) in one package. For more information click HERE.
Is This Happening to ALL Websites?
Yes – every website in the world will be facing this issue or face the negative impacts of a dire warning of security — which is sure to have people turn and run from your site. As of today, since Google provides a boost to your website’s SEO if your site is secure, many of the websites on page one of Google have already moved to https.
In addition, Google’s John Mueller has stated that unlike in the past, implementing 301 redirects from one page to another no longer looses any “Google Juice”. This was implemented because many SEO companies were reluctant to implement site-wide 301s as they would loose a tiny bit of their link juice. That is no longer the case.
How Many Websites are Already on HTTPS?
As previously mentioned, Google has been pushing SSL certificates for some time now. Because of the encryption and the small boost to your Google rankings, many sites have already migrated to https. Where initially, SSL certificates were mostly for websites that exchanged private information or credit cards – Google has pushed them mainstream.
Here are some stats about the number of sites that are secure vs not secure:
- Over 68% of Chrome traffic on both Android and Windows is now protected
- Over 78% of Chrome traffic on both Chrome OS and Mac is now protected
- 81 of the top 100 sites on the web use HTTPS by default
Do I Have to Convert to Https?
No. There is no mandate to convert to a secure site. It is important to understand that if you have a business website that represents your brand or a website that you generate any type of revenue from, we strongly recommend converting to https as the intent by Google by warning users if a site is insecure, is to drive business websites to a higher level of security.
Google Seldom Sets Deadlines
Although Google has claimed that they update their algorithm about 200 times per year, Is is very seldom that Google makes public their intentions and promotes a change in their systems. One of the few times Google warned everyone of impending changes was when they moved to a Mobile First Index.
For over a year, Google made it abundantly obvious that if your site was not mobile friendly, you would see a drop in rankings. In the worst case scenario, even fall off the map on April 21st 2015. This massive change which involved Google looking at how your website renders on mobile first and then desktop is still being implemented. By today’s standards, your website should be built for mobile devices first, desktop second.
They promoted this change in the Google Algorithm so much – April 21st became known as Mobilegeddon. Needless to say, most websites implemented Google’s recommended changes. Notwithstanding the Mobile First push, Google will usually not even confirm if they have had a major change to their systems.
When Google pushes something this hard – YOU BETTER PAY ATTENTION.