27 Jan If Your Site Is Not HTTPS, You Might Want To Make The Upgrade Sooner Rather Than Later
If you currently run a website that does not sell products, take credit card information, allows registrations and logins or collects lots of data, then you are probably not using an SSL certificate to make your site HTTPS, but as Google prepares to make the web more secure through Chrome warnings, now is the time that all websites should seriously be thinking about making this move.
The need for HTTPS to become the norm has been somewhat ignored by most webmasters, and to some degree, understandably so, as 90% of websites do not really do that much, maybe offer some information, service details and a contact form and phone number. Many would argue that their site does not need to wave a little padlock around, as if your on good hosting and have good web housekeeping procedures, your site should be relatively safe to users.
And therefore, it was only really sites that sold products or collected data that needed an SSL certificate to become HTTPS, and once again, understandably so! If you, the customer is passing credit card details to a company, you want protection, and the business owes you the effort and technology to make this happen. So, any shopping website that does not feature a padlock when you come to checkout is one to avoid, as this means your data is very vulnerable to any of the cyber criminals that seem to be booming in population and numbers.
So, for the millions and millions of websites that do not do any of the above, we don’t need to bother, right?
Well, no, and here is why.
In a blog post back in September 2016, Google announced that Chrome 56 (the version that is nearly with us all) is going to seriously hammer home the message that sites that are not HTTPS are not secure, and whilst this is initially for credit card and password orientated sites (I.E. shopping sites and sites that you login to), there is one sentence that will make you rethink things:
“as part of a long-term plan to mark all HTTP sites as non-secure”27
Put simply, this message implies that Google is expecting all sites to be secure and HTTPS in the long term, which means that if you have a website and have been thinking about making this switch, you are probably thinking along the right lines.
So why bother?
Well, if you use Chrome, and over 50% of the online population do use Chrome, this is the message you will initially start seeing:
But, the blog goes on to say:
“Eventually, we plan to label all HTTP pages as non-secure, and change the HTTP security indicator to the red triangle that we use for broken HTTPS.”
And this is where the user is going to run a mile as they will see this:
As a website user yourself, if you saw that on your browser, then the chances are you will back out of there, even if you are only reading about how to make rock cakes. The point is, most online users will see this as danger and immediately think that their computer is going to download viruses that mean a reformat and even worse, a trip the local IT store. Of course, we know it only means that the site is not protecting as it should, as most of the sites online today are currently doing, but to avoid potential customers running a mile, this move seems logical.
There are some benefits though.
The main one is an increased user confidence, as online users now associate the little green padlock with safe, and if your customers feel safe, they stick around. Green for good, red for danger, which means going HTTPS really can make your customers feel like you are protecting them and their data to the best of your ability.
And of course, we have some potential SEO benefits as well, with at this stage minor boosts for HTTPS sites, but in the long run, I can quite happily envisage secure sites will top the lot, and non-secure sites will battle for the rest of the places. This makes sense, as if Google wants the web to be more secure, they are going to direct users to secure sites, why wouldn’t they, but time will tell on this as a ranking signal, but it will get interesting as more sites head down the SSL road.
If you are going to go down this road, then it doesn’t have to cost the world, as you can pick up SSL certificates starting from £30 a year, but generally, it seems more like £70 a year for a decent one. The one thing to really bear in mind is to speak to an SEO expert or your web design company about migrating from HTTP to HTTPS, as you need to make sure your redirects are in place, otherwise rankings could drop and duplicate content will become an issue.
However, the benefits far outweigh the risks in our opinion, hence we are now SSL ourselves!
Contact us if you need more information or would like a chat about going HTTPS with your site.