By: Team Visible
November 14, 2017

How to Avoid Being Hit With Google Chrome’s ‘Not Secure’ Warning

It’s not uncommon for people to ignore basic online safety advice – plenty of us will click on odd looking links out of curiosity, happily risk infecting our computers to find the latest episode of Game of Thrones, enter bank details without a second thought, and use the same password for everything because we’re too lazy to remember more than one.

It’s clear not all of us care as much about our own internet safety as we should. So in response to people’s poor online choices, Google’s taken it upon itself to force the Internet into a safer realm.

  • In September 2016 they announced websites that require credit card details or passwords, that do not have security certificates, will be marked as ‘not secure’ on Chrome.
  • In October of 2017 they upped the ante, making it so any page with forms, or any page viewed in Chrome’s Incognito mode, will need a security certificate.
  • Eventually it is foreseen all pages without security certificates will be marked not secure.

Credit: Spry Digital

Ok, so it sounds good, but what does it really mean? Let’s break it down –

What is a website security certificate?

Simply put, a website certificate is a form of ID from a trusted source that says ‘this site is legit and uses encryption.’ Pretty much – if the site starts with HTTPS, as opposed to just HTTP, it’s safe.

So – what does HTTPS mean?

HTTPS stands for Hyper Text Transfer Protocol Secure and is your way of knowing that a site has a ‘Secure Socket Layer’ or SSL. To translate that – essentially it encrypts the data travelling from your browser to the server and protects your private information.

Credit: DigiCert

Should you secure your site?

Without a doubt – yes. Approximately 50% of Internet users prefer Google Chrome, so if you want a safe and useable site for consumers, it’s time to get secure.

Credit: DigiCert

There’s four main reasons why it’s important, which are –

Security

This is the main reason why you need HTTPS, especially if your site requires sensitive information.

  • HTTPS encrypts communication – protecting personal information
  • HTTPS ensures third parties cannot hack the connection and use malware or track information

Credibility

It doesn’t instill confidence in a customer or user when they see a big red ‘Not Secure’ next to your webpage.

  • Secure your site so that people know your service is trustworthy, and that you care about your customers’ information being kept private.

SEO rankings

In 2014, Google announced that HTTPS and SSL were going to become ranking signals.

  • We know it’s already affecting your search engine rankings but Google has hinted that it’s going to become an even stronger ranking factor in years to come. Why wait around to see what sort of affect a non-secure site can have on your rankings?

Analytics

Another cool benefit, is that you can track referrals who have come from other secure (HTTPS) websites. If you’re currently on HTTP, clicks from any HTTPS sites that are linking to yours will not show up in Google Analytics as a referral – so you have no idea if they’re sending traffic your way.

  • For example – if you’re mentioned in an online news piece or blog post on a secure site and someone clicks through to your non-secure site, you won’t see them in analytics.

So how do you secure your site?

Take it straight from Google, who on their support page give this advice on how to secure your site with HTTPS.

  • Use robust security certificates – essentially, ensure you’re getting your certificate from a reliable certificate authority that has good technical support.
  • Get the right certificate for your needs – there are three different types, single certificates, Multi-domain certificates and Wildcard certificates – do your research, especially if you’re selling anything on your website.
  • Verify that your HTTPS pages can be indexed by Google – test this through Fetch as Google.
  • Make sure the old HTTP site is redirecting to the new HTTPS version to avoid upsetting Google (and hurting your rankings) with duplicate content issues.
  • Talk to your website provider to see if the SSL they provide covers what you think your business needs.

Today, most providers have free built in SSL options for their sites (for example WordPress and Squarespace), which would do the average business just fine. But, some SSL providers offer high warranties and assurances which you may want.

  • For example, if your online site handles millions of dollars per year, and you want to ensure that if your certificate is compromised, customers will be covered for their losses – you will need to fork out extra money for a SSL provider who provides this.

Is your site HTTP or HTTPS? Need a hand figuring it out? You know where to find us 😉