We always have our ears very close to the ground when it comes to Google, and we didn’t let the latest announcement slip through without having something to say about it!
In case you missed it, Google announced that within their next Chrome update, they will mark any HTTP page that includes a form as ‘Not secure’. They haven’t given us much warning either, this comes into effect in October!
So, to put this into context… if your website contains contact forms, login fields and any other data input forms, they will be marked as ‘Not secure’. Which is basically every website – can you think of one that doesn’t have a contact form?
Let’s take this back slightly, to March this year.
You may have seen our announcement which included what you need to know about the new Chrome 56 release. At the time, we thought this was pretty major. Chrome started to notify users if a website requested your password when the connection was not encrypted. A warning was placed next to the address bar, to inform the user that the page was ‘Not secure’.
This change began to spark lots of speculation within the industry, and it highlighted the importance of having an SSL certificate installed on your website.
By ensuring your website has an SSL certificate, you are making the connection between your website, and the customers secure. Therefore any data that is transmitted is encrypted, and extremely difficult to crack even if it did get into the wrong hands.
Our keeping safe online blog goes into more detail about SSL certificates for you.
Back to the latest announcement
So, as I am sure you agree, this year is going by extremely quickly. With this latest Chrome 62 update being scheduled for October, that really doesn’t leave us with much time at all.
We hope that you already have an SSL certificate installed on your website, as this will put you at a big advantage. And if you haven’t, quite frankly, why on earth not?!
Here’s the official statement from Google regarding this security update, so you can hear it from the ‘horse’s mouth’, so to speak:
Beginning in October 2017, Chrome will show the ‘Not secure’ warning in two additional situations: when users enter data on an HTTP page, and on all HTTP pages visited in Incognito mode
If you haven’t switched your website over to HTTPS, this could be very detrimental to your business. This ‘Not secure’ message will also start appearing when you are using Google Chrome in Incognito mode too.
Many website users use Incognito as they believe it keeps their information safe from hackers, but this is a common misconception. All going Incognito does is disable your browser from storing data in your history or cache.
This is just the beginning
So when Chrome 62 is rolled out, any non-secure form fields in both normal and Incognito mode will load with a ‘Not secure’ warning. There has been speculation that Google plans to include a red triangle with an exclamation mark along with this warning at a later date. This will just make it even more obvious to users that your website isn’t secure.
Imagine the amount of customers you could lose – I know that if I saw a red danger triangle on a website I would leave immediately. You never know who could get hold of your personal details on websites that aren’t secure.
According to Google (unfortunately there seem to be a lack of statistics from other, less biased sources!) – these changes have already had a major impact on both website traffic and user behaviour.
A huge 23% reduction in traffic has already been seen on HTTP pages requesting credit card information or passwords.
If this reduction is an indication into the future, you can see how detrimental a HTTP website (rather than a HTTPS website) could be to your business.
What actions should you take?
HTTPS migration is something that you can carry out on your own, but you have to know what you are doing. Personally, I would leave it to the experts – a web developer will know exactly what to do.
To give you an idea of what you will need (so that you don’t get caught out with any jargon), we have put a list together for you:
- Purchase an SSL certificate (if you don’t already have one)
- Make sure your server is correctly configured for the update
- Install your SSL certificate
- Go through your website and make sure any internal links are changed from HTTP to HTTPS
- Set up 301 redirects from old HTTP links to new HTTPS links
- Update your Google Webmaster Tools account, and social media pages to reflect your new URL
The most important thing you need to get right with this HTTPS migration is the 301 redirects. If these are not in place, the pages on your website will return the dreaded ‘404’ errors which will be detrimental to your search engine rankings.
You may see some slight fluctuations in your rankings to begin with, as Google re-crawls your website. However, these should level out within a couple of weeks.
If you can carry out the update during a particularly quiet period, when your website traffic is likely to be low, this will help Google to crawl your website quicker!
So, I will let you digest that latest update from Google Chrome. I know it is quite a lot to take in, so if you have any questions please do give us a call or email firstname.lastname@example.org.
Our team of experienced web developers can carry out this HTTPS migration for you, saving you the hassle.