Google Punishes Insecure Sites, Makes SSL A Standard

If your website is not secure, Google is going to publicly shame it.

An unsecured website can mean huge problems for both its owners and its users. Starting July 1st, 2018, Google Chrome is going to take serious measures to show its users which websites have no data encryption.

This will strongly affect websites that still use HTTP (Hypertext Transfer Protocol), which doesn't encrypt user data and leaves pages vulnerable to eavesdropping attacks.

What is Google going to do and how can users solve that issue?

Google's Chrome browser will mark HTTP websites with no secure SSL certificate as 'Not Secure'.

By getting an SSL for their projects, website owners can upgrade to HTTPS - and make both their visitors and Google happy with what it brings.

Google Chrome aims for security

For the last few years, Google has been a strong advocate of SSL-secured websites. This goes way back to 2014, when it was decided that the search giant would rank secure HTTPS websites over the less secure HTTP ones.

We're starting to use HTTPS as a ranking signal. <...> We’d like to encourage all website owners to switch from HTTP to HTTPS to keep everyone safe on the web. - Google Webmasters Blog, August 2014.

Laying the foundations for an encrypted and more secure web, Google has gradually increased the rewards for secure websites.

Back in spring of 2017, with the Chrome 62 browser, Google introduced a system that helped users see which websites don't encrypt the user data they receive.

Once a visitor started typing some sort of information into a website, a "Not Secure" ribbon appeared in the address bar, informing the user about the status of the website.

With Chrome 68 - coming in July - this ribbon will be there from the very start - without typing in any user data.

It goes without saying - no website owners want their websites to be branded with a mark that makes them look like they aren't secure.

With the new version of Chrome, the address bar will always feature one of the three statuses of the page's security.

  • Secure will be reserved for HTTPS websites with full SSL encryption.
  • Info/Not secure will mark basic websites with no SSL.
  • Not secure/Dangerous is going to be left for pages with no SSL and with a history of collecting sensitive user data.

So, in short, if a website still uses basic HTTP with no SSL, it will be even easier for its users to see that.

SSL is a smart investment to make

If you're looking to secure your website with an SSL, there are two ways to go about it.

  • Get a free SSL certificate. "Let's Encrypt" is a good-value way to encrypt the data of your page. There are plenty of Let's Encrypt tutorials which may help you get everything sorted out. However, be wary - even with a tutorial by your side, it can still be a slightly tricky task.
  • Purchase a premium SSL. They, of course, cost a little bit of money - starting from a couple dollars a month. But these certificates are very easy to install and if something goes wrong, helpful support goes a long way. There are plenty of SSL stores that provide the certificates. Or sometimes, you may ask your hosting provider for one - companies like SiteGround and Hostinger add SSLs together with the hosting purchase.

In many ways, it may appear that SSL is only useful if you're selling online - and handling very sensitive user data, such as financial information. However, an SSL certificate is useful in more than just this way.

SSL certificates not only protect - they are overall a very good way to earn the trust of your visitors.

Obtaining an SSL requires documentation, proving the legitimacy of your business. The certificate is not only a sign of security, it's also a sign of verification. As users become more tech-savvy, they understand the importance of legitimate, safe websites.

Furthermore, it could be a bit tricky advertising your blog or business, with the address bar looking like that:

Let's not forget another very important factor of a successful website - Google rankings.

Back in 2014, Google started using HTTPS as a ranking signal, affecting the pages and their search query positions.

If a website doesn't rank high on Google and doesn't have an active SSL certificate - this could very well be the reason.

SSL certificates guarantee full anonymity

Even though Netscape invented SSL back in 1994, it took a long time for it to become mainstream. Even to this day, a huge number of websites still don't have it - and just like that, they put their users in danger.

SSL protects the flow of data between the website and the user. No one in the middle can eavesdrop and collect the data.

Information including email addresses, passwords, personal information, or even stuff like credit card numbers and bank logins gets a layer of crucial protection.

Here's how SSLs work:

  1. A connection between the visitor and the website is made, and an SSL handshake begins to set up protection for the transmission.
  2. The website sends its certificate to the user - including technical specifications.
  3. The user's browser checks the validity of the certificate. This is where Google Chrome comes in. The highest level of encryption that both sides support is selected - and the data is sent. But it's encrypted, so it's impossible for third parties to know just what exactly the passwords or the numbers on the credit cards really are.
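
The three steps above, as an added Python example that is not part of the original article: `client_context()` builds a client that validates the certificate chain and host name the way a browser does, and `summarize()` reports which names the certificate covers, when it expires, and which protocol and cipher were negotiated. The sample certificate, the host `shop.example` and all function names are constructed for illustration.

```python
import socket
import ssl
import time


def client_context():
    """Client settings for step 3: verify the chain and the host name."""
    ctx = ssl.create_default_context()            # CERT_REQUIRED + check_hostname
    ctx.minimum_version = ssl.TLSVersion.TLSv1_2  # refuse SSLv3 / TLS 1.0 / TLS 1.1
    return ctx


def summarize(cert, version, cipher, now=None):
    """Condense a handshake result: covered names, issuer, expiry, negotiated parameters."""
    now = time.time() if now is None else now
    expires = ssl.cert_time_to_seconds(cert["notAfter"])
    return {
        "names": [v for k, v in cert.get("subjectAltName", ()) if k == "DNS"],
        "issuer": dict(rdn[0] for rdn in cert["issuer"]).get("organizationName"),
        "days_left": int((expires - now) // 86400),  # negative once expired
        "protocol": version,
        "cipher": cipher[0],
        "key_bits": cipher[2],
    }


def inspect(host, port=443, timeout=5.0):
    """Run steps 1-3 against a live server; a bad certificate raises
    ssl.SSLCertVerificationError before any application data is sent."""
    with socket.create_connection((host, port), timeout=timeout) as raw:
        with client_context().wrap_socket(raw, server_hostname=host) as tls:
            return summarize(tls.getpeercert(), tls.version(), tls.cipher())


# Constructed sample in the shape getpeercert() returns, so this runs offline.
SAMPLE_CERT = {
    "subject": ((("commonName", "shop.example"),),),
    "issuer": ((("countryName", "US"),), (("organizationName", "Example CA"),)),
    "notAfter": "Sep 30 12:00:00 2018 GMT",
    "subjectAltName": (("DNS", "shop.example"), ("DNS", "www.shop.example")),
}
SAMPLE_CIPHER = ("ECDHE-RSA-AES128-GCM-SHA256", "TLSv1.2", 128)
SAMPLE_NOW = ssl.cert_time_to_seconds("Jul  1 12:00:00 2018 GMT")

if __name__ == "__main__":
    print(summarize(SAMPLE_CERT, "TLSv1.2", SAMPLE_CIPHER, SAMPLE_NOW))
```

Calling `inspect()` with a real host name performs the same summary against a live handshake.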

In short - if you don't want your user data to leak, you should upgrade to HTTPS and get an SSL certificate.

This is the logic Google seems to have applied.

Getting an SSL certificate is easier than ever before

To make HTTPS the default for all websites, the online community is more dedicated than ever to helping developers make the transition. Google's mixed content audits are set up to help developers migrate insecure content, and the Google Lighthouse tool helps show the overall issues of a page.
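
What a mixed content audit looks for, as an added Python example (not Lighthouse's or Google's code): on a page served over HTTPS, it lists subresources and form targets that are still referenced over plain HTTP. The sample page, the host names and the `audit` helper are constructed for illustration.

```python
from html.parser import HTMLParser
from urllib.parse import urljoin, urlsplit

# (tag, attribute) pairs that load or send data, and how the finding is labelled.
KINDS = {
    ("script", "src"): "active", ("iframe", "src"): "active", ("link", "href"): "active",
    ("object", "data"): "active", ("img", "src"): "passive", ("audio", "src"): "passive",
    ("video", "src"): "passive", ("source", "src"): "passive", ("form", "action"): "form",
}


class MixedContentAudit(HTMLParser):
    def __init__(self, page_url):
        super().__init__()
        self.page_url = page_url
        self.findings = []  # (kind, tag, absolute URL)

    def handle_starttag(self, tag, attrs):
        attrs = dict(attrs)
        for attr, value in attrs.items():
            kind = KINDS.get((tag, attr))
            if kind is None:
                continue
            # Only rel=stylesheet links fetch a subresource; rel=canonical is a hint.
            if tag == "link" and "stylesheet" not in (attrs.get("rel") or "").lower():
                continue
            # Resolve relative and scheme-relative URLs against the HTTPS page first.
            target = urljoin(self.page_url, value or "")
            if urlsplit(target).scheme == "http":
                self.findings.append((kind, tag, target))


def audit(page_url, html):
    """List plain-HTTP subresources and form targets on a page served over HTTPS."""
    parser = MixedContentAudit(page_url)
    parser.feed(html)
    return sorted(parser.findings)


# Constructed sample page (hypothetical hosts), embedded so the audit runs offline.
SAMPLE_PAGE = """<head><link rel="stylesheet" href="http://cdn.example/site.css">
<link rel="canonical" href="http://shop.example/">
<script src="//cdn.example/app.js"></script></head>
<body><img src="http://img.example/logo.png"><img src="/static/banner.png">
<a href="http://other.example/">elsewhere</a>
<form action="http://shop.example/login" method="post"></form></body>"""

if __name__ == "__main__":
    for finding in audit("https://shop.example/", SAMPLE_PAGE):
        print(*finding)
```

Ordinary links (`<a href>`) are not reported because following them is a navigation, not a subresource load on the current page.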

And as mentioned previously, there are plenty of ways to get an SSL certificate. There's free "Let's Encrypt" and for those still looking to acquire a premium, advanced SSL certificate, there are a lot of SSL stores which will help you secure your website in no time.

SSLs are here to stay

According to Google, HTTP is a protocol that puts sensitive user data in danger.

The Internet should be safe and available to everyone - and SSLs help keep that a reality.

By telling users about website security, Google Chrome is taking a necessary step.

In the end - there is no reason not to have SSL and not to have HTTPS. It is really best explained by Google itself.

HTTPS is easier and cheaper than ever before, and it unlocks both performance improvements and powerful new features. - Chromium Blog, February 2018.

Paul joined the Hosting.Review team right from the start as a content writer and marketer. He was the person responsible for establishing a trademark for in-depth web hosting evaluation and superb review articles. Before joining Hosting.Review, Paul was working on various projects as a freelancer. Paul spends his free time reading fantasy books and graphic novels.
Leave a Comment

  1. Bill
    2019 March 6th

    My website is hosted on Go Daddy. They said to get this SSL, it would cost, with a 30 percent discount, $279. Does that sound right?

    1. Leonard Ramirez
      2019 March 30th

      Hi Bill – Absolutely not. SSL certs are averaging about $59/year now. Some as low as $39 and some as high as $79, but no, if they’re charging you $279, it’s time to move your site.

      1. CJ Rhoads (Please note: The form instructions are contradictory)
        2019 April 6th

        Hi, Leonard. Thanks for answering Bill’s question, but I believe that Bill has stated the price wrong for GoDaddy. SSL for one domain on GoDaddy is $69 a year. It is the wildcard SSL, the one that would work for all the subdomains as well that costs $279. I have plenty of issues with GoDaddy, but their pricing is not one of them.

  2. Pete
    2019 February 4th

    I see many crap websites ranking on page 1 that are not SSL
    poorly built etc
    Same in GMB listings too.
    It’s confusing why this is still the case after all this time!

    1. Leonard Ramirez
      2019 March 30th

      Not for long Pete. As long as it takes for people to get their site ranked high, it will take months for them to roll down the rankings as well. The new Google algorithm will begin to ignore sites not secure. It’s been something Google has been discussing since 2014. Not only is it a good idea because people who don’t maintain their sites have left a lot of garbage out on the internet. I don’t know about you, but I’m tired of seeing outdated and unmaintained crap come up in my results.

  3. xxnx
    2019 January 14th

    I think it is wise to use an SSL, however I do not approve of Google’s forceful way of pushing the issue. They are basically lying. A website that does not collect any data from its users is in no way less secure because it doesn’t have an SSL. Labeling that website insecure for that reason alone is misleading and in my opinion borderlines with defamation.

    1. Leonard Ramirez
      2019 March 30th

      Hi xxnx – I’m sorry to hear you disapprove, however, I’m tired of searching for information and getting mega-crap results delivered to me that is outdated and unmaintained. With all of the hijacking, hacking, and malware out there finding their way in, even if it’s to check for login information (we know how many people use the same password for websites as they do for bank accounts), it’s a good idea to secure websites. It’s another way to filter out the good from the bad – the authorities on topics from the people who just say anything to get business or to sound like the smart guy in the bunch. Time changes and so do facts. I’d rather have updated and authoritative information coming from reliable resources. Wouldn’t you?

      1. CJ Rhoads
        2019 April 6th

        While I understand what you are saying, Leonard, I have to agree with xxnx. You mentioned, for example, that this would be a way to eliminate outdated and un-maintained information. You also mentioned about login information, and filtering out the good from the bad. However, forcing everyone to get SSL does not accomplish any of that. Instead it will prevent even good, well-maintained non-profit sites without ANY login information to pay big bucks they cannot afford for no benefit or value. It is completely unfair, and will decrease the number and quality of unbiased, free, and essential information provided by companies that are not profit oriented. It’s a travesty, and I’m wholeheartedly against it. I had been providing certain non-profit groups (dedicated to health, prosperity, or leadership) free websites under my domain, but with this new charge, I won’t be able to do that anymore. They will have to come up with the money to pay for the extortion managed by Google, or give up their piece of the web.

        1. Gregory Knapp
          2019 April 22nd

          CJ Rhoads, I agree with every word you said. I maintain websites for small businesses that have no login info and don’t make transactions. They have no need for a secure site. I also help with some religious websites for free; now they will have to come up with the money to pay for SSL they don’t need. Google is just a bully. With a little research done on Bing, I’ve found that Google is going into the domain name business and they will supply SSL sites cheaper than other companies can afford to, so now it all makes sense: it’s either buy from Google or your website won’t show in search results. That’s extortion.

        2. Gregory Knapp
          2019 April 22nd

          I build and maintain websites for small businesses. Why should I be forced to purchase SSL for sites that are for advertising only? The nonsense about old unmaintained websites is BS; this is just about Google getting more control of content. If you are concerned about old results showing in search results, then put code in the search algorithm that moves sites down if they haven’t been updated within a set time period. I recently removed Google Chrome from my computer; now, to punish me, the spell check feature on all Google owned websites will not function. Google has too much power and that power is leading to abuse.
