Return to site

Take steps to secure now with HTTPs

Google is now marking non-HTTPs site as affirmatively non-secure when users interact with your site

· Services

20 October 2018 update: Google is now marking all non-HTTPS compliant websites as 'affirmatively not secure' with its Chrome 70 update. This means that if the user interacts with any input field, 'not secure' displayed in the browser turns red.

The eventual treatment of all non-HTTPs sites is that they will be marked affirmatively not secure regardless of whether the user interacts with the site or not. There is no target date yet for the final state.

Google is still displaying random screen splashes (see below: 'your connection is not secure') to non-https sites and also gives lower SEO juice to sites which do not comply. See Google notices at the end of this post.

If you haven't got on board yet, what are you waiting for?

NOTE: this post has been updated several times since the original post in May warning users to get on board to HTTPS as Google would start marking them 'not secure' and 'affirmatively not secure'. We will continue to update this thread as more information becomes available. You can subscribe to this blog to get future updates using the subscribe option at the end of this post.

Think about HTTPS.

Earlier this year Google started gradually marking sites using HTTP as not secure. What a surprise when I came across very familiar sites marked this way. Here's what it looks like if you're wondering what I'm talking about.

Google powers 65% of the web so that alone should make you stand up and take notice. But if not, you should also know that other companies are following suit. With Microsoft, in Internet Explorer, here's what you will see:

Trust is a big issue with the Internet so Google has been encouraging people to move to HTTPs. The problem is that it can cost money, it takes time to do, and your site can be down for some time too. However, HTTPS is becoming cheaper and easier to integrate so Google now wants everyone to get to it and they're setting a deadline too.

ImpulseHub and Strikingly Websites

Strikingly started supporting HTTPS by default at the end of 2017. All ImpulseHub designed websites that went live this year (or at the very end of last year) are good to go. If you're in this category, your site will already be on HTTPs.

If you're still on HTTP you need to move to HTTPS to avoid getting nasty 'not secure' messages appearing on your website. Google gave people until last July to get moved or else face the consequences. If you didn't move your visitors will now see 'not secure' on your site. In October, 'not secure' will turn red if the user interacts with any input field.

82% of visitors will not interact with your site if they see it is not secure. See more about this in a great little HubSpot video here.

Checking your site

If you want to check to see if HTTPS is on your site or not, open your site up in a browser and check the address shown. Secure sites will look like the address in the bottom image below. Sites that are NOT currently HTTPS will look like the address on the top.

Upgrading to HTTPS

Note that upgrading to HTTPS is a once off change. It is not something that is done often because the protocol is something that is agreed to and standardized by International committees that include the Internet Engineering Task Force (IETF) and the World Wide Web Consortium (W3C).

If you are not an ImpulseHub client, check with your hosting provider about getting your site upgraded to HTTPS. They should be able to advise you on how best to do this.

Other than the stick of getting people to HTTPS by telling visitors that say your site is not secure, there is a carrot too. Your site will be given preference in terms of SEO. #smallFavours

All ImpulseHub websites are HTTPS as standard

All new ImpulseHub websites are secure. Unlike many other places, this is included as standard. There's no additional fees, no yearly charge, you don't even have to ask. You get it for nothing. That's right, nada.

If you have questions about whether you site is secure, you want to discuss how to make the most of your website, or make it run better for your business, get in touch. We offer a free 30-minute consultation.

Google updates on HTTPS:

  • In "A secure web is here to stay" (8 Feb 2018), Google says they will mark all non-HTTPS as non-secure from July 2018.
  • In "Evolving Chrome's security indicators" (17 May 2018) Google says that they’ll soon start marking all HTTP pages as “not secure”, and step towards removing Chrome’s positive security indicators so that the default unmarked state is secure.
  • Timeline on the Chromium Project here includes dates on how Google will make the web more secure.
For those who are comfortable with tech and on Wordpress (or a platform where HTTPS is not standard), this link might be useful: HTTPS Is Easy. It shows how to get setup using Cloudflare for free.
All Posts
×

Almost done…

We just sent you an email. Please click the link in the email to confirm your subscription!

OKSubscriptions powered by Strikingly