In August 2014 Google announced that it would start to use HTTPS as a search ranking factor. In doing so it was trying to ‘encourage’ website owners to migrate to SSL in an effort to improve the privacy and security of the Internet as a whole. Back then it affected only 1% of global queries and carried much less weight than other factors.
As such, Intergage decided not to rush into this and see how it progressed. After all, we knew Google would not jeopardise good user experience over a secure site.
Google said that over time it may decide to strengthen this signal to encourage more website owners to switch - and we have been keeping a close eye on this. While the adoption of SSL has grown among bigger sites on the web - and there is a small correlation between HTTPS and improved rankings (probably due to the larger sites adopting it) - we still would not recommend it solely for the ranking benefit as the whole process is costly and resource-intensive.
Change in how Google Chrome responds to non-secure Websites
There is now another reason to switch which is more compelling. Google has accelerated the urgency of switching to HTTPS, not through increasing ranking factors, but by influencing how non-secure sites appear in the Google Chrome browser.
In the very near future Google’s Chrome browser will display a red warning triangle in the address bar for ALL pages that DO NOT have HTTPS set up.
That means whether or not your site is an e-commerce site, if it is not using HTTPS your entire site will be flagged in the address bar of Google chrome as being non-secure. While this will not affect your rankings, it will affect what your site visitor thinks about your site.
To the average user, your website will look at best broken and at worst, dangerous to use!
How is Google rolling this out?
Starting January 2017 Chrome 56 will label HTTP pages with password or credit card form fields as ‘not secure’.
In following releases, HTTP warnings will be extended (firstly in incognito search).
Eventually there plan is to label all HTTP pages as non-secure and change the security indicator to a red triangle.
As a result of this announcement from Google, Intergage has decided to provide our CMS users with a FREE SSL certificate (previously worth £250-£550) to make sure they do not fall foul of this browser issue. Before we implement your Certificate and switch your site over we will need to perform an audit on your site, and again, we will be offering this FREE-of-charge.
Instead of a horrible red triangle, get yourself a nice green padlock!
Why do you need a FREE audit first?
While we can offer you a free certificate, unfortunately, there is a large amount of work involved in successfully switching your site to use an SSL certificate. The FREE audit will tell us the size of the job in hand and what chargeable time may be required to switch your site successfully to SSL.
We anticipate that it may cost up to £600 to address all of the incompatibilities found in the audit and then switch the site over. This is a one-off cost and based upon what we find in the audit and as such, is for guidance only.
What is HTTPS and how does it work?
HTTPS (Hypertext Transfer Protocol Secure) is an internet communication protocol that protects the integrity and confidentiality of your users' data between each user's computer and the site. For example, when a user enters data into a form on your site in order to subscribe to updates or purchase a product, HTTPS protects that user's personal information between the user and the site. Users expect a secure online experience when providing data via a website. It is important to adopt HTTPS in order to protect your users' connections to your website.
Data sent using HTTPS is secured via Transport Layer Security protocol (TLS), which provides three key layers of protection:
Encryption - encrypting the exchanged data to keep it secure from eavesdroppers. That means that while the user is browsing a website, nobody can ‘listen’ to their conversations, track their activities across multiple pages or steal their information.
Data integrity - data cannot be modified or corrupted during transfer (intentionally or otherwise) without being detected.
Authentication - proves that your users communicate with the intended website. It protects against man-in-the-middle attacks and builds user trust, which translates into other business benefits.