The latest Google Chrome HTTPS update is loud and clear: HTTP webpages are not secure and should be encrypted.
During the past year, data hacking has been all over the news. The Equifax data breach may have compromised the sensitive personal information of some 143 million Americans who used the consumer credit reporting agency, according to the New York Times. Spurred in part by the hacking and release of politically-sensitive emails, Congress and the FBI are investigating Russia-linked meddling in the 2016 presidential election. Yet, why do so many website owners still think their unencrypted HTTP webpages are not also vulnerable to the theft of sensitive information?
When transmitting data over the web, both users and website owners benefit from secure interactions.
HTTP vs. HTTPS
In the search bar near the top of your browser, any URL that reads “HTTP” is not secure. Data transferred between the browser and the web server on HTTP pages can be intercepted by a third party. On the other hand, if the URL begins with HTTPS – note the “S”, which stands for “secure” – data transmitted on that webpage is encrypted.
‘Not Secure’ Warning
Since the beginning of the year, Chrome has already been issuing a “Not Secure” warning if an HTTP page includes input fields, like those requesting passwords and credit card numbers. The warning is placed immediately to the left of the search box to remind users that an HTTP page could be compromised. In the Chrome 62 update due out in October 2017, the warning will appear in two additional circumstances, according to Search Engine Land:
- All HTTP pages when users enter data
- All HTTP pages viewed in Chrome incognito mode as they load and when users enter data
A post on the Google Developers website also reminds website owners of the following:
If you place an input box in an iframe, that iframe must also be served over HTTPS or a “Not Secure” warning will appear. Placing an HTTPS iframe on an HTTP top page will result in a “Not Secure” warning. The top page must also be served over HTTPS to avoid the warning.
How Can I Prevent the Warnings?
If all your pages are HTTPS you need not worry about the new Chrome warnings. The point of the warnings, according to Google software engineer Eric Lawrence, is to encourage website owners to eventually host their entire site on HTTPS.
Last year, Lawrence explained:
Eventually, Chrome will show a Not Secure warning for all pages served over HTTP, regardless of whether or not the page contains sensitive input fields…. [Y]ou should plan to migrate your site to use HTTPS for all pages.
The Chrome 62 update is the next step in Google’s push to get website owners to shift exclusively to HTTPS. Simply put, if you’re unsettled by the warnings – and don’t want Chrome users to see them on your website – start moving your entire website onto HTTPS…
Why Should I Care About Migrating to HTTPS?
If you lock your front door but leave your back door unlocked, your home isn’t secure. Likewise, if some of your webpages are encrypted but others are not, your website remains particularly vulnerable to hacking. Shifting to HTTPS is the bare minimum in online security.
Hosting your entire website on HTTPS enhances trust. In addition to the peace of mind HTTPS offers you as a website owner, Entrepreneur magazine explains that migrating can boost your business prospects. Consider the following:
- More than 80 percent of consumers will abandon a purchase if a website is not on HTTPS.
- Even if you’re not engaged in e-commerce, improved security can increase lead generation by more than 40 percent.
- Google is starting to use HTTPS as a signal that may boost SEO rankings. “Over time, we may decide to strengthen it, because we’d like to encourage all website owners to switch from HTTP to HTTPS to keep everyone safe on the web,” states a post on the Official Google Webmaster Central Blog.
National Positions is committed to helping all our clients shift to HTTPS. When sharing information online, hackers are waiting to swoop in. You take precautions in your daily life to stay safe. In a world where we can’t stop looking at our phones to shop, chat and get the latest news, the same must apply to our online lives. With its new warnings, Google is reminding us to be safe.
Migrating your site from HTTP to HTTPS needs to be done with care so as not to have a negative effect on your current SEO.
Here is an easy-to-use technical SEO checklist to make sure your migration runs smoothly:
- 301 Permanent Redirects from http pages to https://
- Preferred Domain Setup at Search Console with https://
- HTTPS Sitemap Creation, Optimization & Upload to Search Console
- Google De-Indexed URLs from Cache
- Update Robot.txt
- Internal Link Optimization
If you need help with your migration, contact us and we’ll be happy to help.
What’s the new marketing mindset?
It’s all about growth.
Learn the latest in our new eBook.