Google Punishes Insecure Sites, Makes SSL A Standard

If your website is not secure, Google is going to publicly shame it.

An unsecured website can mean huge problems for both its owners and its users. Starting July 1st, 2018, Google Chrome is going to take serious measures to show its users, which websites have no data encryption.

This will strongly affect websites which still use the HTTP (Hypertext Transfer Protocol) which doesn't encrypt user data and makes pages vulnerable to eavesdropping attacks.

What is Google going to do and how can users solve that issue?

Google's Chrome browser will mark HTTP websites with no secure SSL certificate as 'Not Secure'.

By getting an SSL for their projects, website owners can upgrade to HTTPS - and make both their visitors and Google happy with what it brings.

Google Chrome aims for security

For the last few years, Google has been a strong advocate of SSL-secured websites. This goes way back to 2014 when it was decided that the search giant will rank secure HTTPS websites over the less secure HTTP ones.

We're starting to use HTTPS as a ranking signal. <...> We’d like to encourage all website owners to switch from HTTP to HTTPS to keep everyone safe on the web.Google Webmasters Blog, August 2014.

Laying the foundations for an encrypted and more secure web, Google has gradually increased the rewards for secure websites.

Back in Spring of 2017, with the Chrome 62 browser, Google introduced a system which helped users see which websites don't encrypt user data that is received.

Once a visitor started typing some sort of information into a website, a "Not Secure" ribbon appeared in the address bar, informing the user about the status of the website.

With Chrome 68 - coming in July - this ribbon will be there from the very start - without typing in any user data.

It comes without saying - no website owners want their websites to be branded with a mark that makes them look like they aren't secure.

With the new version of Chrome, the address bar will always feature one of the three statuses of the page's security.

  • Secure will be reserved for HTTPS websites with full SSL encryption.
  • Info/Not secure will mark basic website with no SSL.
  • Not secure/Dangerous is going to be left for pages with no SSL and with a history of collecting sensitive user data.

So, in short, if a website still uses basic HTTP with no SSL, it will be even easier for its users to see that.

SSL is a smart investment to make

If you're looking to secure your website with an SSL, there are two ways to go about it.

  • Get a free SSL certificate. "Let's Encrypt" is a value way to encrypt the data of your page. There are plenty of Let's Encrypt tutorials which may help you get everything sorted out. However, be wary - even with a tutorial by your side, it can still be a slightly tricky task.
  • Purchase a premium SSL. They, of course, cost a little bit of money - starting from a couple dollars a month. But these certificates are very easy to install and if something goes wrong, helpful support goes a long way. There are plenty of SSL stores who provide the certificates. Or sometimes, you may ask your hosting provider for one - companies like SiteGround and Hostinger add SSLs together with the hosting purchase.

In many ways, it may appear that SSL is only useful if you're selling online - and handling very sensitive user data, such as financial information. However, an SSL certificate is useful in more than just this way.

SSL certificates not only protect - they are overall a very good way to earn the trust of your visitors.

Obtaining an SSL requires documentation, proving the legitimacy of your business. The certificate is not only a sign of security, it's also a sign of verification. As users become more tech-savvy, they understand the importance of legitimate, safe websites.

Furthermore, it could be a bit tricky advertising your blog or business, with the address bar looking like that:

Let's not forget another very important factor of a successful website - Google rankings.

Back in 2014, Google has started using HTTPS as a ranking signal, affecting the pages and their search query positions.

If a website doesn't rank high on Google and doesn't have an active SSL certificate - this could very well be the reason.

SSL certificates guarantee full anonymity

Even though Netscape invented SSL back in 1994, it took a long time for it to become mainstream. Even to this day, a huge number of websites still don't have it - and just like that, they put their users in danger.

SSL protects the flow of data between the website and the user. No one in the middle can eavesdrop and collect the data.

Information including email addresses, password, personal information, or even stuff like credit card numbers and bank logins gets a layer of crucial protection.

Here's how SSLs work:

  1. A connection between the visitor and the website is made. An SSL Handshake happens, and the transmission is now being overseen.
  2. The website sends its certificate to the user - including technical specifications.
  3. The user's browser checks the validity of the certificate. This is where Google Chrome comes in. Highest possible mutual level of encryption is selected - and the data is being sent. But it's coded, so it's impossible for third parties to know, just what exactly the passwords or the numbers on the credit cards really are.

In short - if you don't want your user data to leak, you should upgrade to HTTPS and get an SSL certificate.

This is the logic Google seems to have applied.

Getting an SSL certificate is easier than ever before

In order to make HTTPS websites a default for all websites, the online community is more dedicated than ever to help developers do the transition. Google mixed content audits are set up to help developers migrate insecure content and a Google Lighthouse tool will help see the overall issues of a page.

And as mentioned previously, there are plenty of ways to get an SSL certificate. There's free "Let's Encrypt" and for those still looking to acquire a premium, advanced SSL certificate, there are a lot of SSL stores which will help you secure your website in no time.

SSLs are here to stay

According to Google, HTTP is a protocol, putting sensitive user data in danger.

The Internet should be safe and available to everyone - and SSLs help keep that a reality.

By taking a step to tell the users all about the website security, Google Chrome is doing a necessary step.

At the end - there is no reason not to have SSL and not to have HTTPS. It is really best explained by Google itself.

HTTPS is easier and cheaper than ever before, and it unlocks both performance improvements and powerful new features.Chromium Blog, February 2018.

Paul joined the Hosting.Review team right from the start as a content writer and marketer. He was the person responsible for establishing a trademark for in-depth web hosting evaluation and superb review articles. Before joining Hosting.Review, Paul was working on various projects as a freelancer. Paul spends his free time reading fantasy books and graphic novels.

Leave a Comment

    • Pete portrait Pete
    • 2019 February 4th

    I see many crap websites ranking on page 1 that are not SSL
    poorly built etc
    Same in GMB listings too.
    It’s confusing why this is still the case after all this time!

    • xxnx portrait xxnx
    • 2019 January 14th

    I think it is wise to use an SSL, however I do not approve of Google s forceful way of pushing the issue. They are basically lying. A website that does not collect any data from its users is in no way less secure because it doesn t have an SSL. Labeling that website insecure for that reason alone is misleading and in my opinion borderlines with defamation.


Hostinger logo 9.8 Read Review
BlueHost logo 9.4 Read Review
a2 hosting logo 9.3 Read Review
SiteGround logo 9.2 Read Review
9.0 Read Review

Get new blog posts by email: