Overview
Google wants to make the internet more secure for internet users on their Chrome browser. One way they are going about this is by marking all unencrypted HTTP sites as “not secure” in the browser URL. Google’s ultimate goal is to eventually show the “not secure” warning for all HTTP pages. For now, they are rolling it out to certain web pages. The first phase began back in January 2017 when they began showing the warning for any web pages that include sensitive information, such as passwords or credit card fields.  Beginning in October 2017, this warning will be expanded to two additional situations: when users enter any data on an HTTP page (such as a contact form) and on all HTTP pages visited in Incognito mode.

Nearly half of internet users access the web using the Chrome browser so this change can have a significant impact on how people interact with your website.

Why transition to HTTPS?
HTTPS ensures that when a user accesses a website, this data is encrypted using the Secure Sockets Layer (SSL) protocol or the more modern version, Transport Layer Security (TLS) protocol. In order to implement HTTPS, site owners must obtain a trusted digital certificate for each of their sites. Google reports that HTTPS usage is increasing substantially and that a significant portion of web traffic has transitioned to HTTPS to date.

What are the benefits of encrypting my website?

  • HTTPS offers many advantages over HTTP, including powerful new features and performance including:
  • Always-on SSL (AOSSL): a practical best practice to protect user data and ensure a site’s pages, cookies, APIs, and sessions are secure
  • SEO benefits: Google’s search engine algorithms boost rankings of sites that use HTTPS encryption
  • Performance: encrypted sites get the performance enhancements that come with HTTPS and performance is a significant search engine ranking signal
  • Control: Third parties and Wi-Fi hot spots can insert ads on web pages, potentially slowing site performance and messing up the user experience
  • Credibility: the reassurance of encryption to users should not be underestimated. Visual trust cues can help reduce bounce rates, abandoned shopping carts, and improve trust

Is the change in Google Chrome relevant to individual pages or the entire site?
Browsers are looking at pages, so as pages appear they examine them for any fields that are collecting data. If these fields are present, the site will be flagged. If no fields are present, the site is not flagged. Any pages within the site that are flagged need encryption to prevent browser warnings indicating the page is not secure.

Will my internal pages, not accessible to the general public, be subject to the same warning messages?
This is a change controlled at the browser level, not at the user level. So, you’ll still have the error messages for internal sites lacking HTTPS, which could cause confusion for users within your internal environment(s).

Speaking of Google, will not having HTTPS impact my search ranking?

Yes, sites with HTTPS are given preference in search rankings (which has been widely publicized), so it goes to show that using HTTPS is important for your SEO activities.

What can I do next to secure my website?
Lexsynergy has a streamlined process for purchasing and managing SSL certificates. Simply login to your Lexsynergy Account and navigate to the SSL tab. There you can choose from top brands like Symantec, GeoTrust, Thawte, RapidSSL and Comodo. If you need assistance purchasing an SSL certification contact your account manager or email us at support@lexsynergy.com.