It’s been on the cards for years, but the day has finally come that Google has started actively warning users whenever they are on a non-secure website. Google has been highlighting secure and non-secure sites in Chrome for some time, but with the latest update, the warning of non-secure sites is more prominent. Whereas previous versions of Chrome either show a green Secure sign, or a subtle black (i) beside non-secure sites, Chrome 68 (released in July 2018) shows a red warning message whenever you are viewing a non-secure website.
Because Google has been talking about https for several years now we’d expect all major websites to be operating on HTTPS now. However, many are lagging behind, including some pretty major brands. Some of the biggest brands that are still refusing to go secure include Mail Online, Argos, Sky Sports, and even the William Hill betting site – they all should really be working hard to protect their customers from phishing, snooping and other nefarious activities that are increasingly being carried out by cyber-criminals.
Why is HTTPS important?
HTTPS is the secure version of the HTTP (Hyper Text Transfer Protocol) that was the standard since the beginning of the web. When viewing a website with HTTPS all data is encrypted when it is transferred from the web server to your computer, and back again. Without HTTPS , people could view everything you do online. You might think that this is no big deal, but HTTPS means that people could view your credit card details whenever you buy online, read your private messages, know what websites you are reading, and what you are buying online. And with most of us now using mobile phones on public WiFi in coffee shops and the like, there are far more opportunities for cyber-criminals the hack into your connection to steal your data.
Back in December 2016 we looked at how HTTPS might affect ad performance. At the time, the only real concern was a drop in traffic after making the move, however, we now know that so long as the migration is done properly, there should be no negative change in traffic at all. Aside from security and privacy, many customers are Internet savvy today and distrust any website that does not use HTTPS, so any website not using will be losing customers to competitors.
Publishers who have not yet made the change should expect to see ad revenue drop. Although their sites are no less secure than they were before this update, the increased visibility of the issue is likely to cause an increase in bounce rates. Concerned users hitting the back button means reduced pageviews and ad impressions.
How to convert to HTTPS
Converting to HTTPS is easy and should not take much time. There are two ways to go about it. The first is to purchase an SSL certificate through your web host and then make the necessary changes on the server and on your website. This is the most complex method, and you have to remember to renew your certificate or your website will essentially stop working. If you have a managed web server, or just an awesome support team, they will often do this for you without any extra charge.
A simpler way, which also happens to be free, is to use Cloudflare. Cloudflare provides free HTTPS protection for its customers. While there are premium options, encryption comes as standard even on the free plan. Cloudflare offers the added advantage of improving site load speeds, which has recently become a more important ranking factor in Google. To use Cloudflare you just need to set up an account for your domain and then change the nameservers in your registrar admin settings to those given by Cloudflare. Within the settings you can then enforce https, which means that it will take care of the redirects automatically. It’s a great option if you don’t need a dedicated or higher grade certificate.
With an SSL in place you should then work through the following quick list:
- Update your site settings in your CMS
- Redirect HTTP urls to their HTTPS counterparts (best done on server)
- Update any internal links or embedded images using HTTPS (WordPress users can use WP Migrate DB for this)
- Check that you are using the HTTPS version of any embedded scripts
- Claim the HTTPS version of your site in search console.
There are plenty of more in-depth HTTPS migration checklists available online.