Google favours SSL by shaming non HTTPS sites in 2017

Google has shown its hand over the future of HTTPS websites, rolling out a massive change in how non-secure sites are displayed in the Chrome web browser.  Experts are calling this the beginning of the end for HTTP, but what does this mean for business websites?

Google’s latest changes in how it treats non-encrypted (HTTP) websites kicked off in late January, with popular web browser Google Chrome now showing the message; “Not secure” in the location bar for pages that collect passwords or credit cards. It will look like this:

Chrome SSL

According to a recent blog article by WordPress security plug-in developers WordFence, the move is the first part of a staged rollout that encourages website owners to upgrade from the unsecured HTTP to HTTPS.

In the next phase, Google Chrome will label all non-HTTPS pages for browsing activity using incognito mode as “Not secure”.

The final phase will see Chrome labelling all plain HTTP pages as “Not secure” for all users of the web browser. It will look like this:

Not Secure

*Images sourced from Wordfence blog post on January 17 2017

The Chrome browser had already flagged unencrypted websites as non-secure, displaying a red “x” over a padlock in the URL bar, with a green padlock to indicate a secure site, but this was deemed as too easily overlooked by browsers.

Remind me; what is HTTPS?

HTTPS is essentially a secure layer on top of the usual HTTP web protocol. On every website served over HTTP the data exchanged between the site’s server and the user is more vulnerable; anyone with the ability to snoop on the connection, be it a hacker at a coffee shop or a repressive government, could steal passwords, private messages, or other sensitive information.

HTTPS doesn’t just protect user data, it also ensures that the user is really connecting to the right site and not an imposter one. A favourite tactic of hackers and malicious operators is setting up a fake version of a website that users normally trust. HTTPS also ensures that a malicious third party can’t hijack the connection and insert malware or censor information.

With more of these types of attacks happening to smaller businesses due to their typically lax site security measures, switching to HTTPS is one of the top rated ways to beef up your website’s protection and the safety of your customers online.

You can read more about HTTPS and website security on our earlier blog which details how to Protect Your Website From Hackers

What is Google trying to achieve?

Since 2014, Google has been making noises about a preference for secure websites that use the encrypted HTTPS server protocols over non-secure HTTP sites,  when they officially announced that HTTPS will be a factor for search results standings.

This latest move shows the internet giant making a clear statement that the web of the future should all be encrypted, with all sites served over HTTPS.

Google’s intention is to highlight HTTP for what it is: UNSAFE.  HTTP provides no data security, which currently makes around two thirds of content on the internet open to exploitation.

By rolling this change out through its own web browser, Google is effectively offering users the only way to navigate the internet risk-free. Other web browsers are sure to follow suit in a bid to close this huge advantage gap quickly.

As Google pushes harder for all web traffic on a secure channel, there is a marked shift for service providers to offer HTTPS website security to their clients as an option with all websites instead of only e-commerce websites or those with a secure customer login area.

With site security – or lack of it – so clearly labelled, the risk to online users is lessened. The fallout for businesses with non-secure websites is they may find visitor numbers decreasing as more people prefer not to take the risk of navigating to a potentially hackable website.

How can Web Tonic help?

Starting from 01 March 2017, all new Web Tonic websites will be built using the HTTPS protocol. This extra layer of security is offered as part of our standard web design package, and comes at no additional cost for new sites.

We are also offering a special rate for our customers with existing websites to have all pages of their sites upgraded professionally. Pricing varies per site, as each page needs to be updated with SSL certification and a series of steps followed to ensure a seamless transition that will not impact negatively on the site’s page rankings.

To get a quote for transitioning your website to HTTPS contact Web Tonic.