It’s becoming increasingly evident that our personal data needs protecting. SSL certificates, which enable the HTTPS protocol for encrypting information sent between the visitor and web server, have been in use since the mid-90s, but they’ve only really been used for “sensitive” information like payment details. For years, we’ve been happily using the internet with little concern about how all our data is being protected.
Whenever we do enter our credit card details into a web page, we tend to glance at the address bar of our browser to make sure we see that little padlock which indicates our payment details will be encrypted before being sent. For general browsing, we haven’t really worried too much about encryption.
So why the sudden need to use HTTPS?
For years, Google has been gently encouraging webmasters to implement HTTPS on every page of every website. Initially, the strategy was to reward you with a boost in the search results, but this boost was often offset by the negative effect of slower PageSpeed and the fact that every URL would have to change, potentially losing any “link juice” previously acquired. (The search engines see http://wpsecured.com and https://wpsecured.com as two separate pages, so by changing the URL, links to the old URL may not be as effective.)
Recently, the strategy changed from a reward-based system to an increasingly punitive one. Google began actively blacklisting non-HTTPS websites that allowed credit card forms and even password fields to be entered.
Now, upcoming changes to the popular Chrome browser will add warnings whenever the standard HTTP is in use.
Currently, if you use Chrome to access a HTTP url, you will see a discrete ‘i’ which indicates a warning:
It’s only when you visit a page that asks for a password that you get another more severe (yet still somewhat discrete) warning:
In October 2017, the next version of Chrome will be released, and websites with any input will need to use HTTPS if they want to avoid a “Not Secure” warning in the address bar.
Who will be affected?
If your website is using the HTTP protocol and you have any of the following, you will be affected:
- contact form
- enquiry form
- feedback form
- log in page
- search bar
The real question is, how much will you be affected? It’s easy to think that because the warning is discrete, many people won’t notice. But many will, and the benefits here outweigh the potential costs. How many leads will be scared away by the “Not Secure” warning? Can your search engine rankings afford to take a hit? What would happen if the penalties, or even just the warnings, got more severe? Can you imagine if the “Not Secure” warning was bright red?
It’s much smarter and safer to take action now and avoid potential penalties in future.
How to get HTTPS
In the past, setting up a SSL certificate was a little cumbersome, and often expensive. These days, it’s a much simpler process and there are actually free options, so really there is no excuse not to implement immediately.
All WP Secured hosting clients get HTTPS for free. We also help you set up your website so that it isn’t possible to access your web pages via HTTP. Remember, HTTP and HTTPS versions of the same page are seen as two separate pages by the search engines, so even if you have HTTPS set up, you may still be penalised if your website can be accessed by HTTP. For example, if you go to https://wpsecured.com, you will be redirected to https://wpsecured.com – there is no way to access our website using HTTP.
If you do not currently host with WP Secured but are interested in using our services, contact us or call 1300 WPSECURED. We can help you migrate your website and emails to our servers at no additional cost.
If you don’t host with WP Secured, check whether your host allows you to auto-generate a free Let’s Encrypt certificate. If that isn’t an option, Cloudflare also allow you use HTTPS for free, but require your to delegate your domain to their nameservers.
Now is the time to take action. We’ve spoken with many webmasters who worry about the implications to their search results by updating all their URLs. But the longer they put it off, the more likely they are to encounter a negative effect regardless.
Our advice is to bite the bullet and move on this sooner rather than later. At least now, you have control of the situation. Who knows what new penalties may be applied in the future?