Making Your Website More Secure for Your Visitors
HTTPS was officially acknowledged as a ranking signal in 2014. Since then people have been discussing the strength of this signal and its contribution to the higher rankings. At some point Google agreed that it has boosted rewards for secure websites; however, according to SEM experts, it looks like Google does not plan to increase the weight of this factor anymore. However, given similar rankings between a secure and a non-secure website, Google will no doubt favor the secure browsing options.
What is HTTPS? HTTPS (Hypertext Transfer Protocol Secure) is an internet communication protocol that protects the integrity and confidentiality of data between the user’s computer and the website they are visiting. Users expect a secure and private online experience when using a website.
So rather than actual ranking factors, the main issue at stake is visitors’ trust and browsing security. HTTPS is now a necessity for every website. Companies need to protect their visitors by ensuring that all the data transferred through their websites is authentic, encrypted and intact.
In the case of Chrome, the most commonly used browser in the US, in January, they announced their first steps towards improving how Chrome communicates the connection security of HTTP pages.
It used to be that only websites that required visitors to enter passwords and sensitive information (i.e. credit card numbers, etc.) required a secured certificate and an HTPPS connection. But not anymore. Any type of data that users type into websites should not be accessible to others on the network, so starting in version 62 Chrome will show the “Not secure” warning when users type data into HTTP sites.
Chrome now marks HTTP pages as “Not secure” if they have password or credit card fields. Beginning in October 2017, Chrome will also show the “Not secure” warning in two additional situations: when users enter data on an HTTP page, and on all HTTP pages visited in Incognito mode.
Treatment of HTTP pages in Chrome 62
When shifting your website to the secured protocol, you can come up against multiple mistakes. You should contact your webmaster to handle the implementation for you.
Beware of missing redirects and canonicals to HTTPS URLs, as these can lead to lower rankings and cannibalization. Use a 301 redirect or rel=”canonical” on the HTTP version to indicate that your primary version is on HTTPS now. Mind all the elements of a page, and only add HTTPS content to HTTPS pages to ward off security and UX issues. And remember to update your website internal linking and your sitemap with HTTPS URLs.
Keep an eye on your SSL certificate – it should be up to date, valid, and registered to the correct domain or your users will get upsetting notifications, which will certainly increase bounce rate. It is recommended that you implement HTTP Strict Transport Security (HSTS) to force your user’s browsers to only use secure connections. Also, it is good to have a server supporting SNI (Server Name Indication) so that there would be a possibility to use multiple certificates at the same IP address.
HTTP encryption is without a doubt, the type of upgrade that all companies will want to implement to their websites. Surprisingly, the first and foremost reason for that is not the possibility of higher rankings, but users’ trust.
Statistics show that people already pay attention to the security of the webpages they visit, and some experts believe, that this results in more traffic for HTTPS pages and less traffic to the HTTP ones. This will be taken to once Google starts labeling of all HTTP pages as non-secure in a more aggressive manner and regardless of whether there is any form on the page or not.
Also, the good news is that HTTPS migration is usually implemented together with the number of other SEO tasks, which, when done correctly, can actually have a positive impact on your SERP rankings, website traffic and CTR.
Although adoption of HTTPS happens much faster in certain industries like banking compared to the other ones, there is an undeniable trend toward HTTPS migration that you can’t overlook.
In conclusion, HTTPS is the current leading standard for secure sites, and any company hesitant to migrate is losing ground by the day, not to mention jeopardizing the trust of their customers. Chrome flagging HTTP sites as unsecure is just one step in a long list of changes soon to come intended to better protect the privacy and security of sensitive information. There is simply no reason to delay HTTPS any longer.
If you need assistance migrating your website to an HTTPS secure environment, our MGR Team can handle that for you.
Thank you for reading. Until next time, this is Manuel Gil del Real (MGR).
Sources: SEM Rush, Google.com