Why Google Wants all Sites to use HTTPS

Over the last couple of years, you may have noticed that more and more sites are using the HTTPS prefix instead of the expected HTTP. Even sites that don’t ask for any personal information are now doing this. You may have wondered what the motivation was – after all, this change doesn’t affect the design and is not an obvious improvement in user experience. In fact, on slower connections, the extra security processing needed to set up the connection can make sites load slower.

As with many things that make no immediate sense, Google is behind this change. It is urging webmasters to make their sites HTTPS regardless of what information those sites handle. In some cases, it is even lowering the rank of HTTP sites when there are equivalent HTTPS ones that it can show. Its preference will also be reflected in its Chrome browser. Over the next few years, it intends to put a warning that HTTP sites are insecure whenever such a site is displayed by Chrome.

Why Does Google Want HTTPS Sites so Badly?

Google’s stated goal is to improve the security of the Web by promoting the use of HTTPS. It notes that data traveling to and from an HTTP site can be intercepted, so even if the site asks users for no information at all, an attacker who intercepts the traffic can make a fake site appear in place of the real one. This fake site can be used to trick users into giving up personal information, which can then be used for nefarious purposes. Of course, insecure sites that do ask for personal information can also be targeted.

Will HTTP Sites be Marked as Insecure Right Away?

According to Google’s statement from 2016, the first sites to be marked will be those that ask for passwords or credit cards. However, as time goes on, more and more types of HTTP sites will get the “insecure” marking. Eventually, all of them will. This is because Google believes that too many warnings at once will cause people to ignore them. Rolling out the change over several years is meant to ensure that the warnings will continue to grab attention.

Why Should Webmasters Care?

Webmasters and site owners whose sites sell things directly – also known as merchant sites – have long known that building trust is important for getting sales. Owners of other sites did not have to give it a second thought. Now, however, they have a few reasons to be concerned about the security rating of their sites:

  • It can affect search engine ranking. Unlike the complex analysis needed to determine whether the content is any good or if incoming links are legitimate, it is very simple for Google to determine whether or not a site uses HTTPS. All it takes is a programmatic check for the “S” at the end of the URL prefix. This will make it extremely easy to apply a ranking penalty to sites that don’t have it.
  • Many visitors will quickly leave the site if they see a warning. Regardless of the type of site you have, it will not meet its goals if the visitors leave before they even read anything.
  • Google may eventually make it so that Chrome won’t display non-HTTPS sites. Since Chrome is a very popular browser, this would mean a precipitous drop in traffic.

How Do I Make My Site Into an HTTPS One?

The most basic answer is that you need to install a secure server certificate (commonly called an SSL certificate or SSL cert, after the Secure Sockets Layer protocol). This, however, makes things seem simpler than they usually are.

An SSL certificate is not a “certificate” in the sense that non-webmasters usually think of one. It’s not on paper, it’s not connected to education, and it’s not a license. Instead, it is a small piece of data installed on the server that enables an encrypted, private connection between the server and the site user. The “certification” aspect comes from a company that backs up the claim that the user is actually connected to the site in the URL bar.

In order to get this working right, someone must access the site’s server and properly install the certificate. Whether this is easy or not depends mostly on how often the installer does this sort of work and what interface your server offers for the job. If it’s your first time, or you have a clunky interface to deal with, you can easily spend hours fiddling with it. The project is worst when you have a few sites to do, but not enough sites to truly learn the exact sequence of actions needed to accomplish it. In these cases, it can be quite frustrating.

Because of this, many choose to take the simplest path: hiring someone to do it. To do so, all you need to do is copy the certificate information and then either email it to the company you’ve hired or paste it into their form. Then, you enter your credit card information and await an email that says the job is done. It’s a great option for anyone who has too few sites to allow for proper memorization of all of the steps.

Either way, once an SSL certificate is properly installed, your site’s URL will automatically begin with HTTPS. That said, you should always test the effects by visiting the site directly. Errors in the valid date range, registration information, and other aspects can cause browsers to throw errors or warnings. It’s always best to check this yourself so errors don’t go undetected and cost you traffic.
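The post-install check described above can also be scripted. The following is an added example, not part of the original article: it audits the valid date range and the registered host names of a certificate, using a constructed sample in place of a live site. The function names, the 30-day warning window and the example.com names are assumptions made for illustration.

```python
import socket
import ssl
import time

def fetch_cert(host, port=443, timeout=5.0):
    """Leaf certificate as a getpeercert() dict. The default context verifies
    chain and hostname, so a bad install raises SSLCertVerificationError."""
    ctx = ssl.create_default_context()
    with socket.create_connection((host, port), timeout=timeout) as sock:
        with ctx.wrap_socket(sock, server_hostname=host) as tls:
            return tls.getpeercert()

def host_matches(pattern, host):
    """Match one DNS name; '*' may only replace the whole left-most label."""
    p, h = pattern.lower().split("."), host.lower().split(".")
    if len(p) != len(h):
        return False
    return p[0] in ("*", h[0]) and p[1:] == h[1:]

def audit_cert(cert, host, now=None, warn_days=30):
    """Return a list of problems with the date range and registered names."""
    now = time.time() if now is None else now
    problems = []
    not_before = ssl.cert_time_to_seconds(cert["notBefore"])
    not_after = ssl.cert_time_to_seconds(cert["notAfter"])
    if now < not_before:
        problems.append("not yet valid")
    elif now > not_after:
        problems.append("expired")
    elif not_after - now < warn_days * 86400:
        problems.append("expires within %d days" % warn_days)
    names = [v for k, v in cert.get("subjectAltName", ()) if k == "DNS"]
    if not any(host_matches(n, host) for n in names):
        problems.append("hostname not covered: " + host)
    return problems

# Constructed sample in the shape getpeercert() returns; not a real certificate.
SAMPLE = {
    "notBefore": "Jan  1 00:00:00 2017 GMT",
    "notAfter": "Jan  1 00:00:00 2018 GMT",
    "subjectAltName": (("DNS", "example.com"), ("DNS", "*.example.com")),
}

if __name__ == "__main__":
    mid_2017 = ssl.cert_time_to_seconds("Jun 30 00:00:00 2017 GMT")
    print(audit_cert(SAMPLE, "www.example.com", now=mid_2017))
    print(audit_cert(SAMPLE, "shop.example.org", now=mid_2017))
```

Against a live site, pass the result of fetch_cert("your-domain") to audit_cert; an empty list means the date range and host name check out, and the expiry warning gives advance notice before browsers start showing errors.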

Are SSL Certificates Expensive?

This depends on where you get one. There are companies that charge hundreds of dollars per year for an SSL cert, and there are ones that charge $20 or even less. Note that these costs do not include installation fees. As with the certificates themselves, prices for professional installers vary.

Often, companies offering SSL installation service will also offer the option to buy the certificates through them. Check the prices, and if the offer is good, make things easy on yourself by ordering it right from the installing company.

How Often Do I Need to Get an SSL Certificate?

Certificate lengths vary. The shortest is typically good for one year, and the longest is for three years. There is typically a bit of a discount on the per-year price if you get one that’s good for longer than one year.

This length of time is another reason that many choose to hire installers. Three years is plenty of time to forget how you did it before, making it so that every instance is like a first-time project. A professional, on the other hand, may install 50 or more certificates every day.

How Many Sites Currently Use HTTPS?

According to Search Engine Journal, 50 percent were using HTTPS as of January 2017. Now, the number is surely higher. It won’t be long until the vast majority of sites use it. In fact, the only ones that probably won’t ever jump on this are old-fashioned family or local club sites that simply will not care about their search engine rankings or security. This is a tiny percentage of sites compared to the entirety of the internet.

Chrome is Just One Browser – Do I Really Need to Care About What it Does?

The short answer is “yes.” Browser companies compete against each other even though their product is free. This makes it so that any feature that seems popular for one browser will soon be copied by all of the other major ones. Firefox, for example, already throws a warning when users attempt to enter a password into an insecure form. Those that haven’t followed suit soon will. They will almost surely continue on the same path as Chrome until eventually, all non-HTTPS sites pop a warning whether or not they ask for form data.

Will Non-HTTPS Sites Suffer Ranking Penalties in Google?

While some will yell “yes” or “no” with great certainty, the fact is that Google is notoriously secretive about its ranking criteria. That means it is impossible to say, at least with certainty, how much of an effect this will have on ranking or how quickly it will be noticeable. It is, however, a fair bet that it will have some effect on site visibility in the search results right away. For now, results are likely to vary depending on which keywords or key phrases are being searched for.

Once adoption of SSL technology is highly widespread, Google is likely to go ahead with a blanket code change that will either promote sites with the “S” in their URL prefix or downgrade sites without it. The end result then will be that having an insecure site will cause a big hit to your rankings.

Get Your SSL Certificate Professionally Installed

If you don’t have the time to spend on figuring out the arcane methods of installing an SSL certificate on your site or server, use our service to get the job done. We’re professionals, so we’ll have the project completed in a jiffy. You won’t have to frustrate yourself by trying to be a server admin when you’d rather be handling the rest of your business, and you won’t have to worry about whether the job is done right. Just contact us to have us make your site secure.