Google will brand websites with URLs (web addresses) starting with http as not secure. Website URLs with https will be marked as “Secure” and show a locked padlock icon. Why is https important? Google wants you to scramble communications passing back and forth from your website. July 2018 is your deadline to switch to https. How can you tell if your website address starts with http or https? Look at the URL in your web browser.
Here are questions from our clients about Google labeling sites as not secure:
What’s the difference between http and https?
Well, the “s” makes all the difference because it means your site is securely passing information from the web server (where your website files reside) to the web browser (Chrome, Safari, Firefox or other software you use to view websites on your desktop or mobile devices). This security feature scrambles information being sent between your website browser and your website server. Only your website browser and website server have the key to unlock the scrambled information.
The encryption helps protect personal information that is not intended from being seen by prying eyes or exploited by people with bad intentions.
Google currently shows http sites viewed with the Chrome web browser with the letter i inside a circle in front of the domain name. In July 2018 http sites viewed with the Chrome web browser will say Not secure before the domain name.
What does this change mean for sites that do not ask for personal information or sell online?
Google is labeling every site using http as “not secure” regardless of whether the website is an e-commerce site. That’s right, even if you don’t sell services or products on your website or ask for any personal information making your website. Why? Because Google is pushing to make the internet a more secure place to exchange information and do business.
Do we just add an “s” to our website URL?
The site is not secure just because an “s” has been added. You need to have an SSL certificate connected to your website.
A Secure Sockets Layer (SSL) certificate is SSL certificates are small data files that digitally bind a cryptographic key to an organization’s details. (Source: Globalsign)
In the past companies had to pay $40 on up annually to buy a SSL certificate. Now it is common to use free SSL certificates. Check with your hosting company to see if they offer a free SSL certificate with your hosting plan. If not, you may consider upgrading your plan or work with a web developer to connect a free SSL certificate to your website.
Do we need to do anything else once we have a SSL certificate?
Yes. You’ll need to make sure to update your new URL:
- In your host server account–redirect website page requests to your new https URL. If you don’t, your site visitors will get error messages.
- In your content management system (such as in WordPress> General settings>)
- So https is reflected in the URL for internal links and media library files
- For inbound links to your site on other websites
You’ll also need to:
- Create a new view in your Google Analytics account
- Create a new property on Google Search Console and add your new XML sitemaps
- Add your new XML sitemaps to Bing webmaster tools
- Keep your SSL certificate valid. Make sure you understand how that needs to happen — discuss the details with your hosting company or your website team.
Is trust a factor for your organization to get business leads, donations, prospective employees or students? It certainly is. Risking your site being labeled as “Not Secure” will make your prospects and donors think twice about exploring your website and connecting with your brand online. Make a plan to get your website more secure with a SSL certificate. Serve up secured scrambled files to keep your prospects and Google happy.
For information on other ways to make your website secure read Website hack protection—a basic checklist.