If you woke up last Friday to a message in your inbox from Google Search Console warning that “Chrome will show security warnings on” your website, the first thing you need to know is don’t panic, but be ready to do some work.
We’ve received emails from our clients asking what this email is about and how it will affect them. Here’s what it all means.
What Does It Mean to Be “Not Secure”?
Websites are served up over a protocol called HTTP, which stands for “hypertext transfer protocol —this is a standard way your computer communicates with the website you’re viewing. A secure site uses a security certificate called SSL, which changes the URL to HTTPS. This added security basically protects your computer’s communications so that it’s harder for other people to listen in and figure out what you’re doing or get the information you’re sending online.
What Does “Chrome Will Show Security Warnings” Mean?
It gave the warning and then an example list of URLs on your site that would be affected by this change. Note that this change is set to occur in October 2017.
These “Not Secure” warnings are something Google has been telling users they would be moving toward for quite some time now. This next step in their process is focused on pages on which a user has to input information (e.g., forms pages).
Regular pages whose URLs begin with HTTP will be similar to the existing look (i.e., the simple “i” button), but any pages that have forms or require a user to input information will have the “Not Secure” message next to it. Additionally, all pages that are on HTTP will show the “Not Secure” message when viewed in incognito mode.
Eventually, Google plans to make a much more obvious warning that may look like this:
This Only Applies to Chrome Browsers
If a website visitor is using Firefox, Safari, or even Internet Explorer they won’t see this same exact message — other browsers display something similar warning a user they’re on a non secure site, but for the purpose of this update it only applies to Chrome browsers.
Keep in mind that Google’s Chrome browser is the king of the hill—it crushes its competition for market share. According to Net Market Share, which tracks and reports on statistics for internet technologies, Chrome is the browser of choice being used by ~60% of people on the internet. No other browser even comes close to competing with Chrome for user share:
How The “Not Secure” Warning Can Affect Your Site
One of the ways it could affect your sites is by raising users’ concerns about the non-secure nature of your site or forms. Anyone concerned about protecting their privacy and information online would likely be leery to input information on your forms. Additionally, a “not secure” warning could lead users to believe your site is hacked or, rightfully, view your site as vulnerable. Either way, user experience will likely be affected. Another way your site could be impacted is in its rankings—Google wants site owners to have a secure certificate and views HTTPS as a ranking factor.
How to Address This and What You Need to Be Aware Of
The only way to solve this issue is to get a security certificate via your hosting service and migrate your site from HTTP to HTTPS. At the very least, you should ensure any page that has forms for users to input information is served over an HTTPS connection.
Ideally, you would migrate your entire site to HTTPS and not just specific pages. it would make more sense to have a secure certificate for the entire site—but that also brings its own issues.
Some of the most important things to be aware of when you decide to migrate to HTTPS are:
- There is a cost associated with purchasing an SSL certificate. Although it’s usually fairly inexpensive, it is an additional cost added on to the hosting of your site.
- When you change from HTTP to HTTPS you are making all new URLs. Google treats this as a site move. That means you could see traffic and rankings decline as Google crawls your site and reindexes the new pages.
- You could end up with a lot of broken links. Because HTTP to HTTPS is a completely new URL, any links (internal and external) need to be properly 301 redirected to their corresponding new HTTPS URLs. These 301 redirects should be put in place as server-side redirects.
- You may lose data from Google Search Console. If you don’t add the HTTPS property to your Search Console you will lose data. Search Console also treats HTTPS as a separate entity, and the data is not shared in Search Console.
Ultimately, it’s our opinion that it’s in your and your users’ best interest for your site to have a secure certificate and be served over HTTPS. And it’s better to be ready now and work through any potential issues rather than scrambling to get things fixed when Google rolls out its changes.
Latest posts by Brian Valentin (see all)
- The Ultimate WordPress Setup and SEO Guide for Small Businesses - May 15, 2018
- How To Avoid the “Not Secure” Warning In Chrome Browsers - August 22, 2017
- How to Grant Access to Google Analytics - April 27, 2016