Get Serious About Using SSL, or Get Penalized by Google
by Sarah Warlick, content director
With cyberscurity, data breaches and identity theft in the news all too often these days, Google is nudging website owners to take steps toward a safer online environment for their audiences. Starting in 2017, the company will be penalizing sites that don’t use a secure socket layer (SSL) on their Chrome browser, and notifying Chrome users that the site may be unsafe.
The change doesn’t come out of the blue. Since as far back as 2014 Google has been giving a slight edge in page ranks to sites that did utilize the security tools. Their September announcement simply takes the push for HTTPS a few steps further. (Sites that add the SSL certificate connect via HTTPS; those that don’t remain HTTP connections.)
Come January, Google will mark certain pages as unsafe in Chrome. Any HTTP page where site visitors can enter passwords or credit cards will bear the “Not secure” tag to alert users that others may intercept their information. That’s only the beginning though. The company wants all connections to be HTTPS in the future, as they describe in their security blog:
Our plan to label HTTP sites more clearly and accurately as non-secure will take place in gradual steps, based on increasingly stringent criteria. Starting January 2017, Chrome 56 will label HTTP pages with password or credit card form fields as “not secure,” given their particularly sensitive nature.
In following releases, we will continue to extend HTTP warnings, for example, by labeling HTTP pages as “not secure” in Incognito mode, where users may have higher expectations of privacy. Eventually, we plan to label all HTTP pages as non-secure, and change the HTTP security indicator to the red triangle that we use for broken HTTPS.
Though it’s relatively cheap and simple to get and use an SSL certificate for your website, the process can cause a few SEO headaches. Luckily, these problems are easily managed with a little guidance, or the help of a trusted web developer or other IT expert. Google also provides advice to developers who need assistance updating their sites to incorporate SSL.
If you’ve known this was coming but didn’t want to deal with it quite yet, now is the time. Aside from the enhanced security you’ll offer site visitors, the potential SEO and perception consequences of not complying with the move toward HTTPS make avoiding the issue a costly mistake. And while Chrome may be first browser to implement such a program, others are sure to follow on Google’s heels.
One more thing – even if you currently use SSL, to avoid being penalized you’ll need to be sure your site is correctly and completely encrypted. Leaving some pages or page elements unencrypted will still result in a “Not secure” tag that’s likely to alarm site visitors and discourage them from exploring your site.
SSL isn’t too difficult, and it’s becoming more critical to your firm’s web presence. Read up, reach out or do whatever you have to in order to ensure that your site is fully compliant with Google’s new policy regarding secure websites.