If you manage your own website, you may have received a notice from Google Search Console recently about your site that included this:
“Starting October 2017, Chrome (version 62) will show a “NOT SECURE” warning when users enter text in a form on an HTTP page, and for all HTTP pages in Incognito mode.”
This warning will affect all sites without valid SSL certificates in place. An SSL certificate is the difference between HTTP and HTTPS (the S standing for “secure”) in the URL bar, and it is a much bigger deal than one single letter difference would seem.
What is SSL?
SSL stands for Secure Sockets Layer. Sites that use SSL have an extra layer of security that runs between the server (where the site files live) and the browser (where the user requests to access those files), ensuring that any data passed between those two points is encrypted and private.
What is an SSL Certificate?
SSL certificates are small data files, issued by a trusted security source, that act as both the lock and key during the encryption process between the server and browser. Each certificate is unique to the organization that holds it, making the connection between server and browser secure.
If you were still under the impression that these certificates were only beneficial for sites where highly personal information was shared, such as payment pages on ecommerce sites, think again.
In 2014 Google announced that it would begin giving a rankings boost to sites using HTTPS, but mentioned nothing about specific penalties for sites without. Now three years later, not only do HTTPS sites have an edge on rankability, sites without it will trigger a warning like this to all users who try to access them:
This warning could be a red flag to site visitors, whether they had planned to share any personal information on the site or not. Without an SSL, it won’t matter how great your content is if Google is warning every single visitor that your site isn’t trusted.
The good news is that this issue is a relatively easy fix. Google has a helpful guide to walk you through the process of upgrading from HTTP to HTTPS. And, even if you’re hearing about this change for the first time, you have more than a month to implement this security upgrade. Not only does Google demand it, your customers and clients expect it as basic evidence your company can be trusted with their business.