Some webpages are more secure than others
Have you noticed how URLs always start with “http”? This stands for “HyperText Transfer Protocol”, one of the foundation technologies of the web.
In essence, it’s a set of rules which let browsers and web servers communicate. HTTP arrived in the early ’90s, and – like its contemporary Eldorado – it wasn’t without fault.
Communication via HTTP is not encrypted, making it vulnerable to hacking and spoofing attacks. Enter HTTPS.
That extra letter denotes security, as using this protocol encrypts your communications.
Once the reserve of banking and payment sites, HTTPS is now found all over the shop – literally! Many ecommerce sites and trusted brands encrypt your whole journey through their websites. (Given it’s a confirmed ranking signal on Google).
HTTPS: once inessential, then recommended – now essential
At present, browsers reward secure webpages with a green padlock symbol. It’s a way of saying “this page has made the effort to deliver enhanced security, for your benefit”.
Pages which are not secure have a much plainer symbol. In Chrome, it’s a page with a folded corner. However, this may be about to change.
In a now-deleted tweet, Google security engineer Chris Palmer shared a screenshot of a new feature in the Chrome browser. Pages served over plain HTTP could soon be demarcated with a red X to highlight that they might not be safe. If it happens on your website, you have to ‘opt out’ – by taking the time (and spending the money) to move to HTTPS.
Google aren’t alone in discouraging interaction with insecure content. The developer release of Mozilla Firefox warns users before they transmit a password via HTTP. This feature will no doubt reach stable, vanilla releases of Firefox soon.
Top Fact: The UK generates almost 4.3% of all Google’s global search website traffic
What do SEOs think? And what does it mean for you?
We have mixed feelings about this decision. Google is using its influence to push adoption of a way to protect web users, which is a good thing.
Plus, HTTPS enables other acronym-laden technologies like HSTS and HTTP/2. We will be explaining what these do in future blog posts, but suffice to say they are good news for your website.
The downside is that it will leave website users confused. As mentioned, I associate the red X with broken images. Less tech savvy users might reasonably wonder, “Is this website broken? Is my browser broken? Is my internet connection down?”
If you don’t want your users perplexed, you will soon have to move to HTTPS. But even that is a sea of questions! “How do I move? What will it cost? Where do I even begin?!” Migrating your site can be precarious, with minor mistakes causing catastrophic consequences.
But, Google hinted at their desire for a 100% secure web back in 2024. We’ve had plenty of warning. Now, it’s time to take action.
Free guide to moving your website to HTTPS
Suddenly suffering a HTTPS headache? Don’t panic! We have prepared the marketer’s guide to moving a non-secure website to secure HTTPS.
1. Understand what security certificates are
To serve secure pages, your site needs to hold a security certificate. This is a file which enables encrypted communication between a browser and your website.
Think of it as a digital passport which verifies your site’s identity.
You may see the terms SSL or TLS, which are technologies used to power HTTPS encryption. Free SSL certificates.
2. Find a certificate authority
Just as you can only get a passport from the Passport Office, you can only get a security certificate from a certificate authority.
Your web host may have registered to be a certificate authority as you can typically require and purchase an SSL certificate from them.
If you’re purchasing a website for the first time with hosting, you might also have the SSL free for a certain period.
Or, your developers or SEO agency may be happy to recommend one. Either way, ensure they are a reliable, trustworthy company and offer technical support.