Have you had a notice from Google saying that Chrome will show security warnings on your website? If you're not registered for Google Search Console then you may have missed it, that is unless you planned ahead and already have HTTPS enabled across your site!
Google are on a mission to make webmasters switch to HTTPS as soon as possible. By showing a warning in the world's most popular web browser, they're hoping to shame webmasters into upgrading their security.
Answering your questions
When is this happening?
Starting October 2017.
What is HTTPS?
HTTPS is the secure flavour of Hypertext Transfer Protocol (HTTP) - the internet standard for transmitting web data between a web server and a user's web browser.
How do I get HTTPS?
To make your HTTP into HTTPS you need an SSL/TLS certificate. These certificates are relatively inexpensive when purchased commercially. Many hosting companies and domain name registrars will sell SSL certificates. These certificates are usually "signed" by a recognised entity, such as Symantec, GeoTrust, Thawte or Comodo. These companies are responsible for verifying your identity as the site owner, before issuing you with a security certificate.
Can I get a free SSL certificate?
Yes you can, and the most common, trusted, source is Let's Encrypt. This is a relatively new Certificate Authority, but it's well trusted by web browsers and it has some major sponsors, including Google Chrome and Mozilla - the makers of the Firefox web browser.
Do I really need an SSL certificate?
... even if I'm not doing eCommerce?
Any forms that you have on your site will be transmitting data in unencrypted, clear text. Having an SSL certificate ensures that the data gets encrypted when transmitted in both directions, between the user's web browser and the web server.
Even if you don't have any forms on the site, SSL will still keep things secure. Without it you can be susceptible to a "main-in-the-middle" attack, with another webserver impersonating as your own.
Many users favour secure sites - it ensures that other organisations, including their own ISP can not see what they're transmitting to a website.
So how much will it cost me?
You should factor these into your plan:
- the cost of the SSL certificate
- your time to facilitate the SSL certificate order and authorisation
- the cost of your digital agency or hosting company implementing it for you, and if they know what they're doing, then the cost to implement a safe redirect plan. See below.
- the cost of your digital agency handling the change in Google Search Console. See below.
Final thoughts on SEO
- SSL certificates are good for SEO, and google favours websites that are secure over those that are not.
- If your website is currently HTTP, then all of your pages in Google's index will be HTTP.
- If you suddenly activate HTTPS you should make sure that your HTTP urls 301 redirect to their HTTPS equivalent.
- Don't just redirect everyone to the HTTPS homepage. That's bad UX and bad for SEO.
- Register your HTTPS site through Google Search Console and make sure it gets indexed. Fix any errors that are reported.
That's all. Good luck and get in touch
if you need assistance!