Posted Jun 19, 2018 by Cole Bednarski
After years of advocating that sites adopt HTTPS encryption, Google will begin to identify HTTP sites as insecure in the Chrome browser in their upcoming version release in July 2018. Almost half of the 1.5 billion active websites accessible today are still using the HTTP connection protocol, and these sites will be shown to users as “not secure” in the Google Chrome browser. No padlock icon for you. We presume that mayhem and chaos will probably reign as website owners scramble to get their sites to HTTPS as quickly as possible.
What does this mean for your website? In an increasingly tech-savvy consumer world, this will likely result in a drop in organic and paid site traffic. Next thing you know, your SERP positions are dropping, your sales are plummeting, the roof spontaneously bursts into flames, and you’re looking back at June 2018 wishing you had made the change to HTTPS before all the madness erupted. This change in how the URL bar appears for insecure websites will coincide with the release of Chrome 68 and will look like this in a user’s browser:
The Hypertext Transfer Protocol (HTTP) connection is the O.G. of communication protocols. It’s the foundation of data communication on the World Wide Web. When a user visits a website, information about that experience is cached and can be used by the domain owner – there are restrictions on this too, don’t freak out. But if the user visits a website that communicates via HTTP, the connection is not secure, and a third party could potentially steal or manipulate any data passed back and forth. Like, say, credit card information.
This is exactly why HTTP was considered outdated within less than a decade of its implementation and replaced (in spirit for many) with HTTPS, providing users a safe environment to browse and buy. Which we, as eCommerce folk, all want more of, right? Right.
HTTPS is secure. When you make a connection with a website the data being sent is encrypted. Basically, it makes it worthless to anyone without the corresponding key – that handy bit of code you have in the HTML. Beyond security, HTTPS also blocks ISPs from injecting ads on your website, it is faster and performs better than HTTP and, finally, you have to have encryption in order to use HTTP/2, which is being used more and more everyday.
Excellent question. If you have someone, like Human Element, doing maintenance on the site or managing your digital marketing and SEO, they will likely be able to complete the update for you (we can) or at least guide you through the steps from start to finish. If you’re flying the pterodactyl alone, here are the basics:
The SSL (Secure Sockets Layer) is a standard security protocol for establishing encrypted links between a web server and a browser in an online communication. The usage of SSL technology ensures that all data transmitted between the web server and browser remains encrypted. Do the research and make sure that you order the correct certificate. You may just have a single domain or you may have something more complicated like sub-domains or even multiple domains – and your needs for a specific SSL type will be different depending on this. If you need an SSL, we recommend ordering one from Nexcess, as they’re some of our favorite hosting people. If you’re hosted with Nexcess, they will likely be able to help you get it installed as well.
There are several more steps to finish your move to HTTPS. Before starting your migration, we recommend making a launch checklist for your move to HTTPS. Depending on the complexity of your site, it could be a few quick updates in the admin or for more complex websites, it might require a more involved test/resolution scenario. Before you update your website settings to use the HTTPS protocol in your URLs, make sure you’ve considered or have a plan for the following:
We recommend reaching out to your marketing or technical development team to assist you and make sure you don’t miss anything in your migration. Each site is different, and if you have integrations to third party ERP or accounting systems, search tools, or a content delivery network (CDN) service, the move to HTTPS could be more complex than you might anticipate.
Simply put, in 2018, updating to HTTPS is just one of those things every website owner needs to tackle. There are too many benefits associated with making the move to HTTPS, and too many negatives if you choose not to make that critical move. Users know the risks associated with visiting a website without a secure connection, and Google already gives preference to HTTPS destinations. Get started now and flaunt your HTTPS status before the Chrome 68 update lands in July.