Is your site now returning a 'Not secure' alert on Chrome?

The alarming phrase ‘NOT SECURE’ is now showing in the url address bar for many website pages that are still using HTTP; at least in searches using the latest version (v62) of the world's most popular web browser: Google Chrome.

Google’s move, (launched October 2017), is a major step forward in providing a more secure online experience for users and, while it is the first web browser to do this, Firefox plan the same changes and Safari, Internet Explorer and Opera can't be far behind. 

What's next you may ask? Well, pretty soon we'll see the ‘NOT SECURE’ warning returned on ALL HTTP pages.

But the impact on User Behaviour is already startling: a drop of more than 25% of user visits to HTTP pages with password or credit card forms on desktop.

We know, because for any HTTP website page that includes a password or credit card field, Google Chrome began issuing warnings back in January 2017, with the release of v56. So, the evidence is already clear: thanks to the push towards better security – from web browsers, internet bodies, web security firms and hosting companies – the percentage of pageloads over HTTPS is now approaching 70%.  

Let’s focus on that for a second: more than two-thirds of users’ online activity is already going to HTTPS sites.

This though is slightly misleading; as sites with gargantuan traffic volumes have flipped to HTTPS, but most businesses have not yet made that leap.

This is significant because HTTPS (Hypertext Transfer Protocol Secure), along with your site’s loading speed, has been an SEO ranking factor for some time now – so you need to take steps to ensure your site is using HTTPS, or you’re quickly going to lose engagement followed by a decline in traffic. So, simple market forces should dictate that you address this, or get left behind.

As others adopt an SSL, you risk your search ranking falling. And if your site isn’t on the first page of search results, we all know that your customers won’t keep digging to find you!

Adopt HTTPS

Security is one of the key online issues for the year ahead (see our blog on trends for 2018). If you do nothing now, then first enquiries or purchases will fall, as conversion drops, and returning users will decline (perhaps never to return).

Bottom line, if you're still using HTTP then adopt HTTPS now!

This step will also enhance the performance of your site and add powerful new features. HTTPS encrypts the transmitted data into what may look like gobbledygook, but which is in fact a public key (the sister of a corresponding private key). Essentially, it provides three key benefits:

1. Encryption – means nobody can "listen" to the conversation you have with a browser, track your activity across multiple pages, or steal your information.
2. Data integrity – data cannot be modified or corrupted during transfer, intentionally or otherwise, without this being detected.
3. Authentication – proving that your user is communicating with their intended website. It protects against man-in-the-middle attacks and builds user trust.

So how do you go about getting an SSL added to your website? First, you must obtain a security certificate from a certificate authority (CA) that takes steps to verify that your web address belongs to you. When choosing your site certificate, keep in mind the following best practice advice:

• Choose a 2048-bit key to maximise security. If you already have a certificate with a weaker key (1024-bit), upgrade it.
• Get your certificate from a reliable CA that offers technical support.
• Decide the kind of certificate you need:
  • Single certificate for single secure origin (e.g. www.example.com).
  • Multi-domain certificate for multiple well-known secure origins (e.g. www.example.com, cdn.example.com, example.co.uk).
  • Wildcard certificate for a secure origin with many dynamic subdomains (e.g. a.example.com, b.example.com).

You can check out Google’s own set-up guides for HTTPS to get you started.

A word of warning
You might be tempted to wait, concerned you’ll lose your hard earned ranking, but as Google is used for more than 80% of searches on the internet, if your site brings up an ‘unsecure’ alert you’re quickly going to lose custom to competitors who are ensuring the security of their customers’ data.

Talk to us today for help in making the switch either by using our contact form at the bottom of this page or giving us a call on 01738 700 006.