If you care about leads and conversions from your website (which we assume you do), then you’re going to want to read this one.
Google has confirmed that starting this October, a new update will flag domains using HTTP by default, not HTTPS (we’ll get into that shortly), as “Not Secure” to Google Chrome (version 62+) users. The “Not Secure” warning will be displayed on any page with a form field, including newsletter signup forms or search bars.
While this update may only apply to Google Chrome users, the browser represents 64% of all browser-based internet traffic as of July 2017. Not utilizing HTTPS by default will mean higher website bounce rates, decreased website traffic, and ultimately lost leads & conversions.
Why is HTTPS so important?
Users have proven that they do care about whether or not a page is flagged “Not Secure.” Earlier this year, Google released the update displaying “Not Secure” warnings to Google Chrome users interacting with any page containing password or credit card fields that wasn’t utilizing HTTPS. Traffic to these websites dropped 23% after the update was released.
How can I be sure my site isn’t affected?
If you are using an SSL certificate, great start! See Step 2 to be sure you’re in the clear. If you aren’t, let’s start with Step 1.
Step 1: If you don’t currently have an SSL certificate installed on your website, please install one immediately. (See: How do I install an SSL certificate? below)
Note: In most cases, you can tell if your website is using an SSL certificate by entering your domain name into the address bar and looking at how the URL begins in the address bar, either HTTP or HTTPS (the S literally stands for Secure)
Step 2: In addition to installing an SSL certificate, eliminate any assets being pulled into your website from another domain that isn’t utilizing HTTPS.
Note: This includes any images, scripts, social media buttons, or embed codes displayed on your website through a link from another website that’s not utilizing HTTPS.
What is an SSL certificate?
SSL (Secure Sockets Layer) is the global standard for securely passing data from a website to web server (and vise versa), ensuring that all data passed between them remains private and integral.
How do I install an SSL certificate?
The answer here really depends on whether or not you’re comfortable handling the installation yourself.
There’s plenty of options for paid installation and support, but our top two recommendations are Digicert and Comodo–both are well-known providers.
If you’re able to take care of installation on your own, Letsencrypt.org is our team’s favorite. It’s a free 90-day SSL certificate that’s easy to install.
If you’re utilizing a web management platform such as cPanel or WHM (Web Host Manager), your domain’s SSL certificate can be setup for automatic renewal.
Why is Google making this update?
Google has always been at the forefront of advocating for the user and hasn’t overlooked security.
Google’s mission is to nudge domain owners/webmasters in the right direction: to a secure connection over HTTPS.
We don’t disagree.
