For years now, Google has been pushing webmasters to make the change to HTTPS. In July 2018, Google will be kicking it up a notch: ALL HTTP websites will soon be marked as “not secure,” starting with Chrome 68.
We have already seen the changes that Google has made to urge website owners to use HTTPS. The major push began with their HTTPS everywhere campaign. Next, they announced HTTPS as a ranking signal and started indexing HTTPS before HTTP pages. Last year, we saw Google marking HTTP pages that have any sort of data entry field (such as credit card, password, contact form) as “not secure”.
Google’s latest change will greatly impact all users, and makes the move to HTTPS a necessity to retain your traffic and visitor trust.
What does this mean?
Coming July 2018, if you are visiting a HTTP website using a Chrome browser (and especially with Chrome 68), you will see the not secure warning.
What does it mean to you?
Because Chrome is the most popular web browser, this change will impact you. If you have been putting off the switch to HTTPS, you will need to consider it carefully before July, unless you want to lose traffic and/or business. Also, we can expect to see other browsers, such as FireFox and Safari, follow suit and mandate HTTPS in the very near future.
So, what do you need to do?
Let’s take a look at the following cases that illustrates some of the biggest misconceptions of HTTPS and what you can do in each case.
Case #1: My website is not important enough
Say you have a simple website, no login page, no payment transactions, no privacy or security sensitive content. You may think: why should I switch to HTTPS?
If the “not secure” warning that Chrome and FireFox display on your website is not a strong enough reason for you to consider the switch, then perhaps the fact that many of the “cool” web features require HTTPS will. For example, if you want to include features like geolocation, push notifications, or switch to HTTP/2, your website needs to be on HTTPS. In other words, HTTPS is no longer just for important or sensitive websites, it’s now crucial for any websites that want to offer better user experience.
Case #2: I cannot afford HTTPS
Yes, years ago (and we are talking about 10+ years ago), an SSL certificate was considered an investment for many websites. Back then, paying $1000+ for a private SSL certification was overkill for all but the most sensitive government websites.
But nowadays, getting SSL certification is not going to break the bank. In fact, if you are subscribed to any of the Doteasy Business Hosting plans, a private SSL (as well as the dedicated IP that’s required for the SSL installation) is included free in your hosting plan. In other words, you can get enterprise-grade hosting services and an SSL certificate for your HTTPS website for only $25/month – just the cost of a lunch out.
Case #3: Switching to HTTPS will affect my search engine ranking
We know that being on HTTPS is a positive ranking signal and we also know that Google gives priority to HTTPS over HTTP. But, many people are concerned about having two versions (HTTP and HTTPS) of their website can negatively impact their search engine ranking.
This is where we turn it over to Google for guidance. Google has a few best practices you can follow when moving your website to HTTPS, which includes:
- Serving 301 redirects to show search engines that your website is at the HTTPS version
- Serving canonical link elements on your HTTPs website to reinforce that the HTTPS version is the preferred version of your website.
Useful Google guides and resources:
- Overview: Site moves with URL changes
- Secure your site with HTTPS
- Planning on moving to HTTPS? Here are 13 FAQs!
Case #4: What about the 3rd parties my website depends on?
If you have 3rd party dependencies on your website, such as ads, images or legacy content, they will have an effect on your switch to HTTPS.
In a nutshell, all content on your HTTPS website needs to be available over HTTPS. This includes scripts, iframes, images, videos and all other active content.
If you are running AdSense ads on your website, then we have great news for you! All AdSense ad requests are served over HTTPS, with the exception of users in countries that block HTTPS traffic. Plus, this is not just a Google Adsense thing – the major ad systems on the Internet are also serving ads over HTTPS. If the ad system you are using is not using HTTPS, then you need to ask them Why not?
In terms of all other 3rd party content on your website, loading non-secure HTTP content on HTTPS websites will result in them being blocked entirely. While you can’t control these 3rd party content, you can use Google’s free security auditing tool called Lighthouse to help you identify which website resources still load using insecure HTTP. This way, you don’t have to rely on users to report broken images, etc. – you can find and fix these problems sooner.
How can I migrate to HTTPS?
Moving your website to HTTPS is not as complicated as it used to be, as HTTPS is becoming more common. Here are 2 methods that we can suggest:
Method 1 (Manual Method):
The manual method is to purchase an SSL certificate. With Doteasy, it is also required to have a dedicated IP in order to install the SSL certificate, as this will help to prevent issues with older browsers and devices. You can install the SSL certificate in the cPanel. (Of course, Doteasy can take care of this entire process for you!) The last step is to make sure that your website is updated to use HTTPS. Be sure to redirect your website pages to HTTPS by changing the code in the .htaccess file. If you don’t have an .htaccess file, you can create it in the cPanel file manager. If you need any help, feel free to give Doteasy a call, and our team can help you with these steps!
Take a look at our articles that explain SSL and HTTPS even further!
Method 2 (Automatic Installation with Business Hosting Plans):
For a cost and time effective option, you can consider a Doteasy Business Hosting plan. The business plans include both SSL and a dedicated IP for free, and SSL is automatically installed for all domains with your account. ALL domains associated with your account (including subdomains and add-ons!) have SSL included automatically at no extra cost. If you manage multiple domains, this may be a great time to consolidate all of your domains under one business hosting plan, as SSL certificates are included for all of them.
You can find more information about other advanced resources included with the business plans here.
As you can see, these crucial changes are happening fast. If you haven’t made the switch yet, you need to switch to HTTPS very soon – before it becomes an emergency this July.