If your website is not secure, Google is going to publicly shame it.
An unsecured website can mean huge problems for both its owners and its users. Starting July 1st, 2018, Google Chrome is going to take serious measures to show its users, which websites have no data encryption.
This will strongly affect websites which still use the HTTP (Hypertext Transfer Protocol) which doesn't encrypt user data and makes pages vulnerable to eavesdropping attacks.
What is Google going to do and how can users solve that issue?
Google's Chrome browser will mark HTTP websites with no secure SSL certificate as 'Not Secure'.
By getting an SSL for their projects, website owners can upgrade to HTTPS - and make both their visitors and Google happy with what it brings.
Google Chrome aims for security
For the last few years, Google has been a strong advocate of SSL-secured websites. This goes way back to 2014 when it was decided that the search giant will rank secure HTTPS websites over the less secure HTTP ones.
We're starting to use HTTPS as a ranking signal. <...> We’d like to encourage all website owners to switch from HTTP to HTTPS to keep everyone safe on the web.Google Webmasters Blog, August 2014.
Laying the foundations for an encrypted and more secure web, Google has gradually increased the rewards for secure websites.
Back in Spring of 2017, with the Chrome 62 browser, Google introduced a system which helped users see which websites don't encrypt user data that is received.
Once a visitor started typing some sort of information into a website, a "Not Secure" ribbon appeared in the address bar, informing the user about the status of the website.
With Chrome 68 - coming in July - this ribbon will be there from the very start - without typing in any user data.
It comes without saying - no website owners want their websites to be branded with a mark that makes them look like they aren't secure.
With the new version of Chrome, the address bar will always feature one of the three statuses of the page's security.
- Secure will be reserved for HTTPS websites with full SSL encryption.
- Info/Not secure will mark basic website with no SSL.
- Not secure/Dangerous is going to be left for pages with no SSL and with a history of collecting sensitive user data.
So, in short, if a website still uses basic HTTP with no SSL, it will be even easier for its users to see that.
SSL is a smart investment to make
If you're looking to secure your website with an SSL, there are two ways to go about it.
- Get a free SSL certificate. "Let's Encrypt" is a value way to encrypt the data of your page. There are plenty of Let's Encrypt tutorials which may help you get everything sorted out. However, be wary - even with a tutorial by your side, it can still be a slightly tricky task.
- Purchase a premium SSL. They, of course, cost a little bit of money - starting from a couple dollars a month. But these certificates are very easy to install and if something goes wrong, helpful support goes a long way. There are plenty of SSL stores who provide the certificates. Or sometimes, you may ask your hosting provider for one - companies like SiteGround and Hostinger add SSLs together with the hosting purchase.
In many ways, it may appear that SSL is only useful if you're selling online - and handling very sensitive user data, such as financial information. However, an SSL certificate is useful in more than just this way.
SSL certificates not only protect - they are overall a very good way to earn the trust of your visitors.
Obtaining an SSL requires documentation, proving the legitimacy of your business. The certificate is not only a sign of security, it's also a sign of verification. As users become more tech-savvy, they understand the importance of legitimate, safe websites.
Furthermore, it could be a bit tricky advertising your blog or business, with the address bar looking like that:
Let's not forget another very important factor of a successful website - Google rankings.
Back in 2014, Google has started using HTTPS as a ranking signal, affecting the pages and their search query positions.
If a website doesn't rank high on Google and doesn't have an active SSL certificate - this could very well be the reason.
SSL certificates guarantee full anonymity
Even though Netscape invented SSL back in 1994, it took a long time for it to become mainstream. Even to this day, a huge number of websites still don't have it - and just like that, they put their users in danger.
SSL protects the flow of data between the website and the user. No one in the middle can eavesdrop and collect the data.
Information including email addresses, password, personal information, or even stuff like credit card numbers and bank logins gets a layer of crucial protection.
Here's how SSLs work:
- A connection between the visitor and the website is made. An SSL Handshake happens, and the transmission is now being overseen.
- The website sends its certificate to the user - including technical specifications.
- The user's browser checks the validity of the certificate. This is where Google Chrome comes in. Highest possible mutual level of encryption is selected - and the data is being sent. But it's coded, so it's impossible for third parties to know, just what exactly the passwords or the numbers on the credit cards really are.
In short - if you don't want your user data to leak, you should upgrade to HTTPS and get an SSL certificate.
This is the logic Google seems to have applied.
Getting an SSL certificate is easier than ever before
In order to make HTTPS websites a default for all websites, the online community is more dedicated than ever to help developers do the transition. Google mixed content audits are set up to help developers migrate insecure content and a Google Lighthouse tool will help see the overall issues of a page.
And as mentioned previously, there are plenty of ways to get an SSL certificate. There's free "Let's Encrypt" and for those still looking to acquire a premium, advanced SSL certificate, there are a lot of SSL stores which will help you secure your website in no time.
SSLs are here to stay
According to Google, HTTP is a protocol, putting sensitive user data in danger.
The Internet should be safe and available to everyone - and SSLs help keep that a reality.
By taking a step to tell the users all about the website security, Google Chrome is doing a necessary step.
At the end - there is no reason not to have SSL and not to have HTTPS. It is really best explained by Google itself.
HTTPS is easier and cheaper than ever before, and it unlocks both performance improvements and powerful new features.Chromium Blog, February 2018.