Google’s intention to debunk and penalize potentially unsafe websites is going further.
The recent Chrome 56 browser release introduced a novelty, making sure that non-techie users understand that the green padlock hanging in the left-hand corner of the address bar is not a mere gimcrack, as many users perceived it so far.
Google announced the change last fall, and there it is.
There’s hardly a possibility to ignore or misinterpret the “Not secure” label that now hangs on the websites without the safe protocol. A few visitors to a flagged website might understand that this means it simply lacks the SSL certificate – but if they weren’t about to enter any confidential info, it would still be OK for them to hang there. However, a great majority will probably take it for an alarm and just make a U-turn from the website, not willing to take any risk.
HTTPS became a ranking signal on Google as early as 2014, but these days the new Chrome version showed us that they are serious about boosting the “HTTPS everywhere” campaign. They started penalizing all non-secure websites, rather than just rewarding the secure ones, as before. By some estimations, this means that up to two thirds of all the websites on the Internet will suffer the consequences.
Which is fair enough. If you are ignoring your website’s and its visitors’ security, the search engines (and therefore, the users) will be encouraged to start ignoring you. Therefore, users’ confidential information won’t be jeopardized in any way, but it will be your SEO which will take the shot. It seems that the only way to persuade people to raise the safety level is to strike them where it hurts most – on the profit side.
So, let’s wrap it up. What does the SSL certificate that Google so strongly recommends you to obtain actually mean?
Opening any website is done by establishing communication with servers. Just like any other communication, this kind can also be intercepted by potential attackers (who may be human, but in most cases they are actually human-operated programs), who try to steal any valuable or confidential information either by eavesdropping or redirecting you to their own website that is identical to yours.
Now, if you have enabled the HTTPS (Hypertext Transfer Protocol Secure), instead of the traditional HTTP, this means the communication is being encrypted in a way that is decodable only by the computer that is sending the request and the server that’s receiving it. Anyone else would only get an unintelligible code that they can’t put to any use.
The process of obtaining the SSL certificate should be quite easy. You don’t have to enter the mishmash by yourself – the first thing you should do is contact your hosting provider. Some of them even offer SSL for free. Even if you have to pay additional fees (typically ranging from about $100 up to as much as $1.500 per year), just think about the potential damage you’re avoiding, which will soon be measured by decreasing numbers of visits because people got averted from your website.