Google has revealed plans that it will be showing the following “Not secure” alert in future versions of its Chrome browser’s URL bar for all HTTP pages. When it does make this switch, do you really want your customers/clients to see this on your website:
So this is another reasons to switch to using a secure website. The other benefits so far are:
- Google is now using HTTPS as a ranking signal, this means that you get some SEO benefit from moving to HTTPS
- Because SSL give you a secure connection, this will prevents malicious third parties from accessing any information given to you by your visitors, for example on a membership or eCommerce site
- Having you visitor see that little green lock in the URL bar gives then piece of mind
The first step in Google’s plan with start in January 2017 with the release of Chrome 56 which will label HTTP pages with password or credit card form fields as “not secure,” given their particularly sensitive nature. In these instances you will see this:
In following releases of Chrome, Google will slowly extend the HTTP warnings, as an example, in Incognito mode they will label HTTP pages as “not secure”, as users use this mode when they have higher expectations of privacy. Eventually, Google will show the first example in this article.
Steps to making your site more secure
Step 1: Pick a type of SSL certificate
There are three different types of certificates you can get:
- Domain validation – gives you a grey padlock; the cheapest and most basic; it only really covers encryption; suitable for non-eCommerce sites & basic brochure sites.
- Organization validation – gives you a grey padlock; 128, 256 or 2048-bit encryption; suitable for eCommerce sites & sites collecting personal info.
- Extended validation – gives you a green padlock; the top of the line option; 2048-bit encryption; provides the best security; suitable for eCommerce sites, sites collecting personal info and where user trust is paramount.
Google recommends that you use 2048-bit encryption certificates, so keep that in mind.
Step 2: Buy SSL certificate
You can buy SSL certificate from many places, but we would recommend buying one from your hosting company. Most hosting companies already offer them and some will help you set them up. Plus it’s convenient to keep the cert in the place as the hosting as they go hand-in-hand.
Step 3: Install onto your server
If you buy from your hosting company this will be done for you.
Step 4: Setup up your website to start using https:// rather than http://
You will need to update:
- all your sites URLs
- internal hyperlinks in your content
- urls located in theme templates
- urls located in theme css
- urls located in theme scripts
- CDN (Content Delivery Network) if you use this service
This will help you avoid mixed content errors – where some content is using http:// and some https://
Next there are a couple more things to look into
- Social Shares numbers are reset
- Random plugins may break
- Update Google Search Console (previous WebMaster Tools)
Step 5: Test your site thoroughly
If this is something you are interested in, drop us a line and we would be more than happy to help.