If your website does not currently use HTTPS and an SSL certificate, users might see a warning from Google saying your website is unsafe.
The rollout of Google’s newest security measure did not come out of the blue. In fact, Google began calling for “HTTPS everywhere” in 2014 and urging website owners to get on board. Now, they’re pushing even harder to increase security. If websites fail to use HTTPS and an SSL certificate, they are putting their visitors at risk of an information hack – and they probably already have a security warning next to their URL.
Back up. What is HTTPS?
HTTPS, which stands for Hyper Text Transfer Protocol Secure, is the secure version of HTTP, the method of transporting data between a browser and websites. Unlike websites that only have HTTP, all communications through HTTPS are encrypted between users’ browsers and the websites they visit.
What About SSL?
The second industry standard for security is SSL, or Secure Sockets Layer. SSL is a service that establishes an encrypted link between a web server and a browser. With an SSL certificate in place, all data passed between the server and the browser remains private. Websites need to use HTTPS and SSL to adequately protect their visitors from potential hacks.
What Are Google’s Warnings for Users?
Millions of websites already use HTTPS and SSL certificates. To get more sites on board with the most up-to-date security, Google announced that in 2017 they would begin marking all HTTP pages as “non-secure.” There are several levels, according to Google:
Websites that Google deems “insecure” are accompanied by a round information symbol and a message that says: “Your connection to this website is not secure. You should not enter any sensitive information on this site (for example, passwords or credit cards), because it could be stolen by hackers.”
Sites considered “not secure or dangerous” will have a red, triangular warning symbol next to their URL and this message: “We suggest you don’t enter any private or personal information on this page. If possible, don’t use the site.”
I Need to Change to HTTPS. What Do I Do?
Transitioning from HTTP to HTTPS is a complex, multi-step process. For a smooth transition, it’s best to hire a professional to correctly complete the process and minimize the risk of issues.
In a nutshell, changing to HTTPS involves the following:
- Securing and installing the correct certificate for your website,
- Updating your website’s configuration to HTTPS instead of HTTP,
- Redirecting visitors who navigate to your HTTP address directly to the HTTPS website,
- Using Google Search Console to verify ownership of your website for Google,
- Updating Google Analytics to reflect these changes, and
- Testing the results of the conversion to ensure the transition is complete.
It’s also critical to make sure you have an SSL certificate for your website. A professional can purchase your certificate from your website hosting provider and ensure it is properly connected to your site.
At Envoca, Internet security is a priority. That’s why we insist every website we build or redesign has these security measures in place. If you need to upgrade your website to HTTPS or you are unsure about your current security, act now to avoid penalties by Google. Contact our team today to discuss how you should protect your website.