From January 2017 Google Chrome will begin attaching warnings to all HTTP websites that ask for passwords or credit card details. This means any website without a security certificate will feature a red ‘Not Secure’ message in the web address toolbar.
The decision is part of a ‘long term plan’ hatched by Google ‘to mark all HTTP sites as non-secure’ and was confirmed the search giant on its Security blog. Secure websites will display a comforting green padlock in front of the web address.
What will happen to your HTTP site?
The impact will be purely cosmetic at first but Google has confirmed that site rankings will be better for HTTPS sites.
Your site’s functionality will not be affected but your visitors may not enjoy seeing the red warning flag over time. This is open to debate as NASA argues “users become blind to warnings that occur too frequently”.
Getting a Security Certificate
For a long time the only websites that deemed security certificates important were banks and businesses taking payments. But over time more websites jumped on the bandwagon, with more than 50% of websites accessed through Chrome now belonging to the HTTPS camp.
Getting a security certificate doesn’t completely guarantee security and does cost money – which is a potential hurdle for new and small businesses. But validation will become more of a necessity over time.
What about other browsers?
Firefox has also confirmed its intent to phase out non-secure HTTP, affirming ‘there’s pretty broad agreement that HTTPS is the way forward for the web.’ Mozilla is even going as far as ‘removing capabilities from the non-secure web.’
Transitioning from HTTP to HTTPS
Turning your HTTP site into a HTTPS one is very much like a site migration. 301 redirects will need to be set up so search engines can find your new address and users navigating to your old HTTP URLs are automatically transferred to your new HTTPs URLs.
The basic transition process is:
* Purchase and install an SSL certificate
* Install your SSL certificate on your hosting platform
* Amend website links from HTTP to HTTPs and deploy redirects
It may sound easy but the number of SSL packages and hosting solutions on the market quickly complicates things and the tech involved is more advanced than most businesses are open to.