Google Punishes Insecure Sites, Makes SSL A Standard

An unsecured website can mean huge problems for both its owners and its users. And to improve the situation, starting July 1st, 2018, Google Chrome took serious measures to show its users which websites have no data encryption.

This will strongly affect websites that still use HTTP (Hypertext Transfer Protocol), which doesn't encrypt user data and makes pages vulnerable to eavesdropping attacks.

What is Google going to do and how can users solve that issue?

Google's Chrome browser will mark HTTP websites with no secure SSL certificate as 'Not Secure'.

By getting an SSL for their projects, website owners can upgrade to HTTPS - and make both their visitors and Google happy with what it brings.

Google SSL Certificate Recognition - Aiming For Security

For the last few years, Google has been a strong advocate of SSL-secured websites. This goes way back to 2014, when it was decided that the search giant would rank secure HTTPS websites over the less secure HTTP ones.

As stated in the Google Webmasters Blog, this way website owners are encouraged to take web security more seriously. If not for the sake of visitors, then for the website's value.

Laying the foundations for an encrypted and more secure web, Google has gradually increased the rewards for secure websites.

Back in Spring of 2017, with the Chrome 62 browser, Google introduced a system which helped users see which websites don't encrypt user data that is received.

Once a visitor started typing some sort of information into a website, a "Not Secure" ribbon appeared in the address bar.

This way the user is informed about the status of the website while providing their info.

With Chrome 68 - starting from July 2018 - this ribbon is there from the very start. Now the visitor knows the level of security without typing in any user data.

And it goes without saying - no website owner wants their website to be branded with a mark that makes it look like it isn't secure.

With the new version of Chrome, the address bar will always feature one of the three statuses of the page's security:

  • Secure will be reserved for HTTPS websites with full SSL encryption.
  • Info/Not secure will mark basic websites with no SSL.
  • Not secure/Dangerous is going to be left for pages with no SSL and with a history of collecting sensitive user data.

So, in short, if a website still uses basic HTTP with no SSL, it will be even easier for its users to see that.

Google: SSL Certificates Are Here To Stay

According to Google, HTTP is a protocol that puts sensitive user data in danger. But the initial idea is that the Internet should be safe and available to everyone - and SSLs help keep that a reality.

By showing users the security status of each website, Google Chrome is taking a necessary step.

And actually, there is no reason not to have SSL and not to have HTTPS. As Google states in its Chromium Blog, with HTTPS you can improve performance as well as unlock new features.

So it shouldn't be a surprise that these security protocols are becoming a natural part of any website.

What Is An SSL Certificate?

SSL (Secure Sockets Layer) is a protocol that guarantees full anonymity of the page visitor. SSL certificates protect the flow of data between the website and the user. No one in the middle can sneak in and collect the data.

Information including email addresses, passwords, personal information, or even stuff like credit card numbers and bank logins gets a layer of crucial protection.

Here's how an SSL certificate works:

  1. A connection between the visitor and the website is made. An SSL Handshake happens, and the transmission is now being overseen.
  2. The website sends its certificate to the user - including technical specifications.
  3. The user's browser checks the validity of the certificate. This is where Google Chrome comes in. The highest level of encryption that both sides support is selected - and the data is sent. But it's encrypted, so it's impossible for third parties to know exactly what the passwords or the numbers on the credit cards really are.
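
The three steps above can be watched from the client side. The following is an added example, not code from the article or from Google: the function names, the sample certificate fields and the "Example CA" issuer are assumptions made for illustration. Servers today negotiate TLS, the successor to SSL, which is why the reported protocol reads "TLSv1.x".

```python
import socket
import ssl
from datetime import datetime, timezone

def summarize_cert(cert, now=None):
    """Condense a getpeercert()-style dict: issuer, DNS names, days until expiry."""
    now = now or datetime.now(timezone.utc)
    not_after = datetime.fromtimestamp(
        ssl.cert_time_to_seconds(cert["notAfter"]), timezone.utc)
    issuer = dict(rdn[0] for rdn in cert["issuer"])
    names = [value for kind, value in cert.get("subjectAltName", ()) if kind == "DNS"]
    return {
        "issuer": issuer.get("organizationName"),
        "names": names,
        "days_left": (not_after - now).days,
    }

def inspect_tls(host, port=443, timeout=5.0):
    """Run steps 1-3 against a live server; raises on an invalid certificate."""
    # Default context: trusted-CA chain check plus hostname match, as a browser does.
    ctx = ssl.create_default_context()
    with socket.create_connection((host, port), timeout=timeout) as raw:
        # Steps 1-2: the handshake runs here and the server presents its certificate.
        # Step 3: an expired, self-signed or wrong-host certificate raises
        # ssl.SSLCertVerificationError before any application data is sent.
        with ctx.wrap_socket(raw, server_hostname=host) as tls:
            report = summarize_cert(tls.getpeercert())
            report["protocol"] = tls.version()  # negotiated protocol version
            report["cipher"] = tls.cipher()[0]  # cipher suite both sides agreed on
            return report

# Constructed certificate fields in the shape getpeercert() returns.
SAMPLE_CERT = {
    "issuer": ((("countryName", "US"),), (("organizationName", "Example CA"),)),
    "subjectAltName": (("DNS", "shop.example"), ("DNS", "www.shop.example")),
    "notAfter": "Jul  1 00:00:00 2030 GMT",
}
```

Calling inspect_tls() with your own hostname returns the same summary for the live certificate, and a negative days_left in summarize_cert() means the certificate has already expired.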

In short - if you don't want your user data to leak, you should upgrade to HTTPS and get an SSL certificate.

But although Netscape invented SSL back in 1994, it took a long time for it to become mainstream. Even to this day, a huge number of websites still don't have it - and just like that, they put their users in danger.

Therefore, Google is now influencing the situation by keeping the visitors informed about the website's security.

How To Get An SSL Certificate?

If you're looking to secure your website with an SSL, there are two ways to go about it.

  • Get a free SSL certificate. "Let's Encrypt" is a valuable way to encrypt the data of your page. There are plenty of Let's Encrypt tutorials which may help you get everything sorted out. However, be wary - even with a tutorial by your side, it can still be a slightly tricky task.
  • Purchase a premium SSL. They, of course, cost a little bit of money - starting from a couple of dollars a month. But these certificates are very easy to install and if something goes wrong, helpful support goes a long way. There are many SSL stores that provide the certificates. Or sometimes, you may ask your hosting provider for one - companies like SiteGround and Hostinger include SSL certificates with the hosting purchase.

In many ways, it may appear that SSL is only useful if you're selling online - and handling very sensitive user data, such as financial information. However, an SSL certificate is useful in more than just this way.

SSL certificates not only protect - they are overall a very good way to earn the trust of your visitors.

Obtaining an SSL requires documentation, proving the legitimacy of your business. The certificate is not only a sign of security - it's also a sign of verification. As users become more tech-savvy, they understand the importance of legitimate, safe websites.

Furthermore, it could be a bit tricky advertising your blog or business, with the address bar looking like that:

Let's not forget another very important factor of a successful website - Google rankings.

Back in 2014, Google started using HTTPS as a ranking signal, affecting the pages and their search query positions. So if a website doesn't rank high on Google and doesn't have an active SSL certificate - this could very well be the reason.

Looking at all that, SSL is a smart investment to make.

Getting An SSL Certificate Is Easier Than Ever Before

To make HTTPS the default for all websites, the online community is more dedicated than ever to helping developers make the transition. Google's mixed content audits are set up to help developers migrate insecure content, and the Google Lighthouse tool helps surface the overall issues of a page.
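
What a mixed content audit looks for can be shown in a few lines. The following is an added example, not Google's audit or Lighthouse code: it scans the HTML of a page served over HTTPS for resources that are still loaded over plain HTTP, using a simplified severity split. The function name and the sample page are assumptions made for illustration.

```python
from html.parser import HTMLParser
from urllib.parse import urljoin, urlsplit

# (tag, attribute) -> severity; a simplified active/passive/form split.
RULES = {
    ("script", "src"): "active", ("iframe", "src"): "active",
    ("link", "href"): "active", ("object", "data"): "active",
    ("img", "src"): "passive", ("video", "src"): "passive",
    ("audio", "src"): "passive", ("form", "action"): "form",
}

class _Audit(HTMLParser):
    def __init__(self, page_url):
        super().__init__()
        self.page_url = page_url
        self.findings = []

    def handle_starttag(self, tag, attrs):
        attrs = dict(attrs)
        # <link> fetches a subresource only for stylesheets; rel="canonical" does not.
        if tag == "link" and "stylesheet" not in (attrs.get("rel") or "").lower():
            return
        for (rule_tag, attr), severity in RULES.items():
            value = attrs.get(attr)
            if rule_tag == tag and value:
                # Resolve relative and protocol-relative URLs against the page.
                url = urljoin(self.page_url, value.strip())
                if urlsplit(url).scheme == "http":
                    self.findings.append((severity, tag, url))

def audit_mixed_content(page_url, html):
    """Return (severity, tag, url) for each http:// load on an HTTPS page."""
    if urlsplit(page_url).scheme != "https":
        raise ValueError("mixed content only applies to pages served over HTTPS")
    parser = _Audit(page_url)
    parser.feed(html)
    return parser.findings

# Constructed sample page; the hostnames are placeholders.
SAMPLE = """<head><link rel="canonical" href="http://shop.example/">
<link rel="stylesheet" href="http://cdn.example/site.css">
<script src="//cdn.example/app.js"></script>
<script src="http://stats.example/t.js"></script></head>
<body><img src="/logo.png"><img src="http://img.example/banner.jpg">
<form action="http://shop.example/login"><input name="pw"></form></body>"""

if __name__ == "__main__":
    print(*audit_mixed_content("https://shop.example/", SAMPLE), sep="\n")
```

Relative and protocol-relative URLs inherit the page's HTTPS scheme and are not reported; each reported URL has to be switched to HTTPS, or the resource hosted elsewhere, before the page loads cleanly.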

And as mentioned previously, there are plenty of ways to get an SSL certificate. There's free "Let's Encrypt" and for those still looking to acquire a premium, advanced SSL certificate, there are a lot of SSL stores which will help you secure your website in no time.

So, the increasing attention to website security shouldn't be a problem - there are more than enough resources for that.

Paul joined the Hosting.Review team right from the start as a content writer and marketer. He was the person responsible for establishing a trademark for in-depth web hosting evaluation and superb review articles. Before joining Hosting.Review, Paul was working on various projects as a freelancer. Paul spends his free time reading fantasy books and graphic novels.
Leave a Comment

  1. Bill
    2019 March 6th

    My website is hosted on Go Daddy. They said to get this SSL, it would cost, with a 30 percent discount, $279. Does that sound right?

    1. Leonard Ramirez
      2019 March 30th

      Hi Bill – Absolutely not. SSL certs are averaging about $59/year now. Some as low as $39 and some as high as $79, but no, if they’re charging you $279, it’s time to move your site.

      1. CJ Rhoads (Please note: The form instructions are contradictory)
        2019 April 6th

        Hi, Leonard. Thanks for answering Bill’s question, but I believe that Bill has stated the price wrong for GoDaddy. SSL for one domain on GoDaddy is $69 a year. It is the wildcard SSL, the one that would work for all the subdomains as well, that costs $279. I have plenty of issues with GoDaddy, but their pricing is not one of them.

  2. Pete
    2019 February 4th

    I see many crap websites ranking on page 1 that are not SSL
    poorly built etc
    Same in GMB listings too.
    It’s confusing why this is still the case after all this time!

    1. Leonard Ramirez
      2019 March 30th

      Not for long Pete. As long as it takes for people to get their site ranked high, it will take months for them to roll down the rankings as well. The new Google algorithm will begin to ignore sites not secure. It’s been something Google has been discussing since 2014. Not only is it a good idea because people who don’t maintain their sites have left a lot of garbage out on the internet. I don’t know about you, but I’m tired of seeing outdated and unmaintained crap come up in my results.

  3. xxnx
    2019 January 14th

    I think it is wise to use an SSL, however I do not approve of Google’s forceful way of pushing the issue. They are basically lying. A website that does not collect any data from its users is in no way less secure because it doesn’t have an SSL. Labeling that website insecure for that reason alone is misleading and in my opinion borderlines with defamation.

    1. Leonard Ramirez
      2019 March 30th

      Hi xxnx – I’m sorry to hear you disapprove, however, I’m tired of searching for information and getting mega-crap results delivered to me that is outdated and unmaintained. With all of the hijacking, hacking, and malware out there finding their way in, even if it’s to check for login information (we know how many people use the same password for websites as they do for bank accounts), it’s a good idea to secure websites. It’s another way to filter out the good from the bad – the authorities on topics from the people who just say anything to get business or to sound like the smart guy in the bunch. Time changes and so do facts. I’d rather have updated and authoritative information coming from reliable resources. Wouldn’t you?

      1. CJ Rhoads (Please note: The form instructions are contradictory)
        2019 April 6th

        While I understand what you are saying, Leonard, I have to agree with xxnx. You mentioned, for example, that this would be a way to eliminate outdated and un-maintained information. You also mentioned about login information, and filtering out the good from the bad. However, forcing everyone to get SSL does not accomplish any of that. Instead it will prevent even good, well-maintained non-profit sites without ANY login information to pay big bucks they cannot afford for no benefit or value. It is completely unfair, and will decrease the number and quality of unbiased, free, and essential information provided by companies that are not profit oriented. It’s a travesty, and I’m wholeheartedly against it. I had been providing certain non-profit groups (dedicated to health, prosperity, or leadership) free websites under my domain, but with this new charge, I won’t be able to do that anymore. They will have to come up with the money to pay for the extortion managed by Google, or give up their piece of the web.

        1. Gregory Knapp
          2019 April 22nd

          CJ Rhoads, I agree with every word you said. I maintain websites for small businesses that have no log in info and don’t make transactions. They have no need for a Secure Site. I also help with some religious websites for free; now they will have to come up with the money to pay for SSL they don’t need. Google is just a bully. With a little research done on Bing, I’ve found that Google is going into the domain name business and they will supply SSL sites cheaper than other companies can afford to, so now it all makes sense: it’s either buy from Google or your website won’t show in search results. That’s extortion.

        2. Gregory Knapp
          2019 April 22nd

          I build and maintain websites for small businesses. Why should I be forced to purchase SSL for sites that are for advertising only? The nonsense about old unmaintained websites is BS; this is just about Google getting more control of content. If you are concerned about old results showing in search results, then put code in the search algorithm that moves sites down if they haven’t been updated within a set time period. I recently removed Google Chrome from my computer; now, to punish me, the spell check feature on all Google owned websites will not function. Google has too much power and that power is leading to abuse.
