HTTPS is an encryption protocol for the Internet and Google just let us know, again, that they are serious about getting websites secure.
Back in August of 2014 Google first started talking about the importance of using encryption on websites that are passing either credit card information or password information. This information is typically passed from a form on a website.
This seemed, at the time, to be directed towards websites that were selling something and having the customers pay with a credit card. Not anymore!
Now we’re hearing Google ringing the security bell again and this time they’re trying to encourage website owners and marketers to take action on this issue.
What The Heck Is HTTP / HTTPS??
Ok, let’s take a couple of minutes to break down exactly what is happening.
Right now most domains are setup without any encryption. If you could see a website’s entire domain address (with the http part) you would know if it is a secure site, or not. If a site has http at the beginning of the domain it is not secure. If a site’s domain has https at the beginning, then it is secure.
Unfortunately, with the most recent browsers, many time’s you can’t easily see the http part of the domain, on insecure sites. Instead, you’ll see an information icon like in the picture below.
If you click on the information icon, you’ll see a menu that looks like this.
And then from this menu, you can click on “Details” and another window will popup that will tell you that the site is not secure.
Obviously, that’s a LOT of work to figure out if a site is secure or not and most people are not going to go through the trouble of finding out.
If, however, a site is secure, you will see the https part right in the domain name within the address bar. Here’s what Google’s domain looks like:
You’ll notice the “https” at the beginning of the domain address.
So, if you looked at your site, chances are really good that your full domain would read http://www.mycompany.com.
What this means is that any information that people enter into any form on your site is being passed back to the server that your site is hosted on, in an unencrypted manner.
[Tweet “Unencryption means that dubious people can see the entire stream of data that is going back to your server as plain text!”]
Unencryption means that dubious people can see the entire stream of data that is going back to your server as plain text! Just like what you’re reading in this post. They don’t even have to guess about the data, it’s in plain sight!
What Is This Google Encouragement To Use HTTPS?
Like I said, Google would like to see every site on the Internet be a secure site. And, with their dominance in search, the best way that they can encourage site owners and marketers to support this is by using encryption as a search signal.
Yup, that’s right, if your site isn’t using encryption, you stand the risk of losing SEO ranking positions.
Actually, it’s already happening. Remember I mentioned that Google first started telling us that they are committed to a secure web in Aug of `14. Well, Brian Dean, over at Backlinko, analyzed over a million search results to find out what factors correlate with a first-page ranking. They found that there is a correlation with rankings on Google’s first page and sites that have encrypted their site via HTTPS.
Now, this is not a dominant signal, yet. But, with Google’s focus on this, there is a very good chance that it will become stronger.
As I mentioned, even though Google first started talking about encryption and HTTPS back in `14, they’ve started to talk about this again. In a post on their Security Blog, on Sept 8th, 2016, they let us know that there are going to be some changes in their Chrome browser update that is going to further encourage website owners to update their sites. Here are some bullet points:
- Begining Jan 2017 Chrome will mark sites that collect passwords and/or credit card information as non-secure. This is going to be a big red-flag to anyone that is visiting your site that it is not secure!
- The warnings will increase with subsequent updates, as an example, they will eventually label non-secure pages even in Incognito mode.
- The is a plan to increase the visibility of the non-secure warning of a page by changing the non-secure indicator in the browser to red
What’s Involved In Moving To HTTPS?
Google has laid out a step-by-step process that you can follow to convert a site over to the HTTPS protocol. It’s important to know that this isn’t a DIY project that you should take on. The repercussions of doing it wrong could have very serious effects on your website.
Get in touch with your agency or developer and work with them to develop a conversion plan that will ensure that your site remains intact and that you don’t loose any of the SEO rankings that you currently have.