Google is continuing to push for a totally secure web.
Chrome 68 became available to download at the end of July 2018. Perhaps the most noticeable new feature in this browser update is the obvious “Not secure” message in front of any non-secure site URL.
In the past, an informational “i” con would appear next to a URL and users would have to hover over this to discover the page they were browsing wasn’t a secure site. Now, Chrome is making it easy for users to recognize non-secure sites.
This update should be a big deal for non-secure site owners—even if users don’t make transactions or enter private information on your site. Seeing a “Not secure” message will likely increase bounce rates for non-secure sites, which will affect traffic, conversions, and other site engagement metrics.
The backstory on HTTP to HTTPS
What does HTTPS mean, anyway? The addition of that little “s” means that the site has an SSL certificate. SSL stands for Secure Sockets Layer, which is a process that encrypts data when being transferred to a server.
When data is submitted to a secure site, the data goes through an SSL certificate that secures the data. Because more and more users are inputting payment and other private information into a wide variety of sites, it’s so important for websites to ensure that they’re protecting users’ data.
Of course, this emphasis on secure sites isn’t new. Google has been promoting the importance of HTTPS sites for a long time. Chrome started displaying the “Not secure” message on some sites in January 2017.
According to the Google Blog, this movement to HTTPS has been successful. This post states that over 68% of Chrome traffic on Android and Windows is secure and over 78% of Chrome traffic on Chrome OS and Mac is secure. Plus, 81 of the top 100 websites are HTTPS.
What can your business can do now?
If you still have a non-secure site, it’s not too late! First, you have to purchase an SSL certificate. Not all SSL certificates are created equal; if you’re not sure what kind of SSL certificate your site needs, check out this comprehensive Search Engine Land post.
Once you have an SSL certificate, it’s time to set up 301 redirects and update your robots.txt. This will likely take a bit of time, but it’s a worthwhile investment. Google will only continue to reward HTTPS sites and penalize HTTP sites.