July has arrived and with it the deadline Google set for when their Chrome browser will warn users about insecure or HTTP sites.
Chrome is the most popular internet browser in the world and is used by more than 50 percent of users, which means publishers can expect a significant impact from this change.
Users who encounter a security alert when visiting a site are more likely to leave it, a fact that will have a negative impact on bounce rate, impressions, clicks and probably every aspect of the website.
It’s All about the Encryption
HTTP stands for Hypertext Transfer Protocol and is the protocol that determines the communications between websites and browsers - it gives websites and browsers indications on how to react to the different commands they receive from each other. This protocol is not secure, meaning the connection is vulnerable to cyber-attacks.
HTTPS, for which the “S” stands for Secure Socket Layer (SSL) technology, provides a more secure setup than the old protocol. With SSL technology you can encrypt the information you send between your browser and a website to avoid data like personal information, credit card numbers and login details from being collected.
A poll found that the crime Americans are most afraid of is being hacked, so it stands to reason that visitors will be wary of insecure sites when they have a warning.
How will They Warn Users?
The warning will be shown in the address bar, aka the Omnibox, of the Chrome browser, indicating a website is “Not Secure”.
An example of how the “Omnibox” address bar security warning will look.
This comes on the heels of the Chrome ad-blocking software release, which aimed to improve user-experience of the internet by blocking annoying and disruptive ad types. It is a continuation of Google’s intent to make the internet user-friendlier and safer. And that’s why every publisher should upgrade its website to HTTPS.
What about Mixed Content Pages?
No one knows for sure how Google will react to addresses that have a mix of secure and insecure web pages, but it may be safe to assume that they will show a warning for the insecure content.
If your website has a mix of secure and insecure web pages, you can use Chrome’s Lighthouse web page auditing tool to identify which elements are triggering a mixed content warning.
Most Affected GEOs
We’ve mentioned that Chrome is the most popular browser in the world, but not all countries have the same Chrome usage rate. Heavy Chrome usage regions are South America (~74%), Mexico (~68%), Israel (~66%), Asia (~50%), Russia (~45%), Africa (~44%) and US (43%). You can find the percentage of Chrome users in your GEO here.
Even in areas where Chrome is not the most popular browser, it still has a fair share of users, and ignoring them will be a mistake.
Why You Should Upgrade to HTTPS
The benefits of HTTPS are significant:
- It’s good for your SEO: You can never be 100% sure what affects SEO and what doesn’t, as Google keeps things deliberately vague, but you can be sure that if Google is encouraging websites to move to HTTPS, then those who will remain with HTTP will take an SEO hit.
- Your Mobile performance will be better: mobile usage is also on the rise, and Google has created the Accelerated Mobile Pages, or AMP, to improve mobile user experience. And you can’t use the AMP without moving to the HTTPS protocol.
- Gain User Trust: As we mentioned, people are wary when they know they visit a website that is insecure, so moving to HTTPS will set your visitors’ mind at ease. They will be more inclined to give you personal information if they know your website is encrypted.
- Increase Revenue: This is a direct consequence of the previous point. When people trust you more, they will click more on what you offer.
Find Your SSL Provider
Let’s Encrypt is a Google-recommended low-cost option for those who run their own servers. The best providers to consider are Digicert who bought web security experts Symantec, Comodo and Entrust Datacard, but there are other less expensive choices like GoDaddy and SSL.com.
Things to Consider when Migrating to HTTPS:
- Switch the default setting of your CMS provider (like WordPress) to HTTPS.
- Make sure all the redirects from the HTTP pages to the HTTPS pages are permanent.
- Make sure all meta tags are pointing to the correct HTTPS pages.
- Update the links on your social media and other assets. Inform websites that link to you that your URL has changed.
- Set up your Analytics account according to the new HTTPS protocol.
If you’re sitting on the fence regarding upgrading your website to the HTTPS protocol, now is the time to get off it or it will scratch you. And a Google scratch stings for a long while. The new Chrome security warning for insecure websites is bound to cause traffic and revenue loss to those who stay with the HTTP protocol. Migrating to the new protocol is not all that difficult or expensive and, by the end of the day, it could save you a lot of money.