Will Google Flag Your Non-HTTPS Website “Not Secure” In July 2018?
In February 2018, Google made a bold announcement as part of its continuing effort toward a safer and more secure web. Google stated that, with the version 68 release of its popular Chrome browser, it will start flagging websites as “not secure”.
Specifically, Chrome will only target websites that are accessible via the standard, unsecured HTTP protocol. The browser will place the flag in the URL address bar at the top of the window. In contrast, websites that are secured with the HTTPS protocol will not be flagged.
What Is HTTPS and How Does it Work?
Without getting too geeky with the tech lingo here, HTTPS is a secure and encrypted channel between a website’s server and the visitor’s computer. At the heart of this encryption is a Secure Sockets Layer (SSL) certificate that’s installed on the website’s server.
This SSL certificate is typically obtained from a well-known and trusted certificate authority. And since these well-known certificate authorities come already trusted by popular browsers (Chrome, Internet Explorer, Firefox, etc.), installing one of their certs on your website will make it trusted as well.
Therefore, once the certificate is bound to the website, the URL bar will show the site as HTTPS.
How Will This Impact Businesses?
So what does this HTTPS deal really mean to you and your business? Very simply, if your website is flagged as a non-HTTPS secured site, the integrity of your website may be questioned by visitors.
Just imagine that you own an online storefront and it is being flagged as “not secure”. Would that impact visitors’ perception of your website? You bet it would.
This would be catastrophic, as trust is regarded as one of the most important purchasing factors. Regardless of whether you sell products or provide a service, you do not want any concerns when it comes to the integrity of your website or branding.
Another side effect concerns search engine optimization (SEO), that is, where your site ranks in the results returned by Google. The search engine giant has made it clear that HTTPS is a factor in its ranking algorithm. With this update, security should be a bigger factor than it was before.
Even with the two critical factors above, the most important reason to implement HTTPS is to protect your visitors. By implementing HTTPS, you are doing all you can to prevent snoopers from intercepting the data stream between your visitors and your website.
With cost being a non-factor, there’s no excuse why any legitimate business cannot be secure on the web.
What Action Can You Take?
Fortunately for you, the problem can easily be mitigated. Just read through our easy-to-follow guide below and, in no time, there will be no questioning the security of your website. Let’s get started, shall we?
How to Make Your Website HTTPS
The concept of securing a website with HTTPS is the same regardless of what web technology was used to create your website. The only difference will be how it’s implemented. For example, the steps for Linux-based cPanel, the most popular option, will differ from those for Apache or Microsoft IIS.
1. Obtain an SSL certificate
There are essentially three popular methods to obtain an SSL certificate. Without getting too geeky and overly complex and detailed, I will briefly outline each of the methods. After determining your path, you should be able to find additional resources via the web on how to complete it thoroughly.
A. Let’s Encrypt (Free) – provides an SSL certificate at no cost. It works by running a management agent on the web server to prove control of the website’s domain. The agent can then request, renew, or revoke certificates for the domain from the Let’s Encrypt certificate authority. For more information on Let’s Encrypt, click here.
Pros – Free, easy to implement
Cons – Must renew every 90 days, limited to domain-validation-only certs (last checked).
B. Cloudflare (Free) – is a content delivery platform for websites. Essentially, when someone types your URL address, the visitor is routed through Cloudflare first before landing on your server. This enables Cloudflare to provide a secure channel between the visitor and your website. This, in turn, will meet Google’s security requirement. For more information on Cloudflare’s SSL, click here.
Pros – Free, easy to implement, default universal SSL cert does not expire, variety of cert and configuration options, including extended validation (EV) and more.
Cons – Middleman; the default universal SSL certificate contains other domains besides yours; the Flexible SSL feature encrypts only the connection from the visitor to Cloudflare, not from Cloudflare to your server; Full SSL is more difficult to configure.
C. Trusted Certificate Authority (Paid) – This is the traditional route. You can obtain an SSL certificate from your hosting provider, or you can also buy your own SSL certificate from any trusted certificate authority and configure it yourself. Just Google it.
Pros – Higher level of trust, flexibility in certs from domain-only validation to extended validation (EV) and more. Certs can be renewed for one to three years. Get exactly what you want.
Cons – Cost and Time, may require more technical knowledge to implement.
What SSL Certificate Type Do I Need?
This really depends on your business type or size. If you’re a small business whose site is mostly informational, offers service-for-hire gigs, or even sells a couple of items, then a “domain validation” cert is the minimum you will need.
However, if you own an e-commerce website or are involved in finance, you’d probably want a higher level of trust, so go for a variation of an EV cert, as it will also get you that “green bar” in the URL address bar.
2. Installation, Configuration, and Enabling the SSL Certificate
A. Let’s Encrypt – Free
Let’s Encrypt may not be supported by all web hosting companies, so check with your host’s technical support first.
We have also found, for example on GoDaddy’s website, that even though they do support Let’s Encrypt, it’s not that simple to find the documentation on it, for example by performing a search through their knowledge base. In our case, we had to perform a Google search outside of GoDaddy to gain access to the information.
For more information on how to implement Let’s Encrypt SSL on your hosting provider, please refer to the community support forum on their website here.
B. Cloudflare – Free
Cloudflare has pretty good documentation and support on their website on how to implement SSL. Keep in mind that you do need to sign up for a Cloudflare account first. Afterwards, you can just select the free plan and should have access to enabling SSL for your website.
For more information on how to implement Cloudflare SSL, please refer to this link from their website.
C. Trusted Certificate Authority – Paid
Whether you buy the SSL certificate from your hosting provider or a trusted certificate authority, they should have the documentation and support to help you install it. Instructions will also vary depending on the hosting technology of your website, such as cPanel, Apache, IIS, etc.
Now that you know how to enable SSL on your website for free, it’s time to take some action and go get it done. July is coming sooner than you may think!
After you enable HTTPS on your website, please double-check that it is auto-forwarding from HTTP to HTTPS. You can easily check by typing in the HTTP URL; it should automatically redirect to the HTTPS version. Also, one more thing: if you’re keeping search-related tabs on your website with Google Search Console, be sure to add the HTTPS version of your site there as well.
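The HTTP-to-HTTPS redirect check described above can also be scripted so it can be repeated after every hosting or certificate change. The following is an added example, not part of the original article; the function names, the result format, and the placeholder host example.test are assumptions made for illustration.

```python
import http.client
from urllib.parse import urlsplit, urljoin

REDIRECT_CODES = {301, 302, 303, 307, 308}

def fetch_head(url, timeout=10):
    """Send one HEAD request without following redirects; return (status, Location)."""
    parts = urlsplit(url)
    conn_cls = (http.client.HTTPSConnection if parts.scheme == "https"
                else http.client.HTTPConnection)
    conn = conn_cls(parts.netloc, timeout=timeout)  # HTTPS verifies the cert by default
    try:
        path = parts.path or "/"
        if parts.query:
            path += "?" + parts.query
        conn.request("HEAD", path)
        resp = conn.getresponse()
        return resp.status, resp.getheader("Location")
    finally:
        conn.close()

def check_https_redirect(host, fetch=fetch_head, max_hops=5):
    """Start at http://host/ and report whether a visitor ends up on HTTPS."""
    url = f"http://{host}/"
    hops = []
    for _ in range(max_hops):
        status, location = fetch(url)
        hops.append((url, status))
        if status not in REDIRECT_CODES or not location:
            break                      # reached a page that is not a redirect
        url = urljoin(url, location)   # Location may be relative
    else:
        return {"ok": False, "reason": "too many redirects", "hops": hops}
    final_url, final_status = hops[-1]
    if not final_url.startswith("https://"):
        return {"ok": False, "reason": "final page served over plain HTTP", "hops": hops}
    if final_status >= 400:
        return {"ok": False, "reason": f"HTTPS page returned {final_status}", "hops": hops}
    # 301 and 308 are permanent redirects, which browsers and crawlers remember.
    permanent = all(s in (301, 308) for _, s in hops[:-1])
    reason = "permanent redirect" if permanent else "temporary redirect"
    return {"ok": True, "reason": reason, "hops": hops}

# Usage against a live site (needs network access; host is a placeholder):
#   print(check_https_redirect("example.test"))
```

A result of "temporary redirect" means the forwarding works for visitors but uses a 302, 303 or 307 status rather than a permanent 301 or 308.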