• Skip to primary navigation
  • Skip to main content
  • Skip to primary sidebar
  • Skip to footer
  • Home
  • About
  • Fav Books
  • Tools
  • Journal
  • Hire Me
  • Contact
Small Biz Geek

Small Biz Geek

Small Business Design, Marketing & Technology Journal

Website design services

A Journal on Small Business Design, Marketing and Technology

  • The Internet
  • Marketing
  • Graphic Design
  • Web Dev
  • Web Design
  • Social Media
  • Technology
  • Miscellaneous

Google Security Smackdown: Websites Without HTTPS Will Suffer

By Small Biz Geek on May 9, 2017 · Filed Under: Software, Web Development Updated: May 14, 2019

Following several years of communiqué, Google has pushed the button and decreed all websites must become “secure” and adopt https. If your site visitors use Chrome, pay attention.

Google Chrome browser security warnings

You have, no doubt, used websites displaying the padlock icon in the top left of the browser. Secure

This means the website has installed an SSL or TLS certificate to create a secure connection, and data exchanged between the website and the visitor cannot be deciphered by a third party even if it is intercepted.

These sites also display the https protocol in the address bar. Http stands for “hyper text transfer protocol” and the “s” on the end stands for “secure”.

Typically, it’s for protecting credit card details on eCommerce sites, yet in a world where privacy is climbing the social and tech agenda, any type of website collecting any type of data needs to be secure.

Creating a generally improved internet experience is Google’s agenda (so they say) but as usual, there’s more to it than selfless tech philanthropy.

What Does TLS Do For a Website?

Before we discuss what you need to do to secure your website, here’s a few quick points on what SSL/TLS does:

  • Verifies that you are communicating directly with the server that you think you are communicating with
  • Ensures that only the server can read what you send it and only you can read what it sends back
  • Adds a “secure” padlock icon next to the website address

An SSL or TLS certificate is essentially a text file claiming a particular identity.

Anyone can set one up but it is the digital signature from the certificate authority which allows a party to verify that another party’s claim to an identity is legitimate. Then the so-called “handshake” between server and client can take place.

Someone else with a greater understanding of security certificate technology than I published how does https actually work?

Chrome Will Show Website Security Warnings

Search engine success is loosely tied to https, but how much the provision of an SSL or TLS certificate will move the needle for website ranking is unclear.

It shouldn’t be viewed as a silver bullet that would catapult your site into pole position in search engine results pages, but rather a minimum requirement for helping your site appear trustworthy.

And that’s the bigger picture here: trust. 

In September 2016 the Chrome Security Team published a blog about the impending browser updates in which warnings about non-https sites would begin displaying warnings to users.

As stated at the Chromium Project website “The goal of this proposal is to more clearly display to users that HTTP provides no data security.“

I’ve already seen explicit warnings in Chrome alerting me to errors about broken TLS certificates on certain sites. In these cases, the https was present in the address of the site but disputed by Google. 

In January 2017, Chrome began gently cautioning users about plain old http websites.

Clicking the Google Chrome informationsymbol reveals the message, “Your connection to this site is not secure”.

Google Chrome warning: the connection to this site is not secure

Eventually, users will begin seeing a Not secure or dangerous warning symbol for http sites that have not switched over to https.

At the time of writing this article, it’s May 2017. In 2016 Google said these https changes will occur gradually:

Our plan to label HTTP sites more clearly and accurately as non-secure will take place in gradual steps, based on increasingly stringent criteria.

Starting January 2017, Chrome 56 will label HTTP pages with password or credit card form fields as “not secure,” given their particularly sensitive nature.

In following releases, we will continue to extend HTTP warnings, for example, by labelling HTTP pages as “not secure” in Incognito mode, where users may have higher expectations of privacy. Eventually, we plan to label all HTTP pages as non-secure, and change the HTTP security indicator to the red triangle that we use for broken HTTPS.

If you’re planning to build a website or improve your existing one in some way, get a security certificate added to your site to display the Securesymbol.

To recap:

Chrome browser security icons

Update 2019: Chrome is showing the following message for http websites:

Google Chrome website Not Secure

“Not Secure” is now showing up on http sites

The other browsers are implementing a similar warning policy. As of May 2017, Opera and Firefox are displaying the “soft warnings” so we should probably expect those to eventually become explicit too.

Opera unprotected connection

The Opera browser implicitly warns website users

Firefox security warning

The Firefox browser implicitly warns website users

Google Produced a Study

Google’s think-tank Chromium organisation produced a study asking 1,329 people about indications of trust or lack of in their normal browsing activity.

Most of the respondents had a basic understanding of https (secure) but knew less about http (non-secure).

One of the concerns cited in the study was the number of new users coming online for the first time via mobile, where the screen labels are reduced in size and number. This minimisation of mobile web design makes it harder for narrower screens to accurately communicate the level of risk.

Is It Worth It?

How much of a problem this website security issue is for small business websites remains to be seen.

How much the use of a security certificate will improve your business is unclear.

I’ll say this though: a terrible site with poor content, few or no backlinks and no reputation isn’t going to suddenly rank well because of a security certificate.

That said, once the Chrome browser warnings are cranked up, the lack of a certificate might seriously deter someone from using your site.

Look at https as entry-level criteria when building your site. If your site is live and you haven’t already done so, make it a priority to secure your site.

Let’s Encrypt Offers Free TLS

There’s a new certificate authority offering free TLS called Let’s Encrypt, a project driven by Google, Mozilla and the Linux Foundation. 

This means you can add https relatively easily at no charge.

I’ve already added Let’s Encrypt for free to some of my own websites and client websites, which was fairly straightforward since I happen to use Dreamhost, who are partnered with Let’s Encrypt. 

Better still, if you’re using Cloudflare (also free), you have the extra layer of protection since it is compatible with Let’s Encrypt.

You can go ahead and buy a TLS certificate through your current webhost if you want to but if you use an LE partnered webhost you won’t need to spend anything.

Use a Let’s Encrypt Partner Webhost

Sadly, GoDaddy is not a partner host. SmallBizGeek is currently hosted on GoDaddy and uses Let’s Encrypt, although I have to manually renew it every 90 days.

The advantage of using one of the partner hosts is that they take care of reissuing your certificate automatically, taking away the worry of a broken security certificate and the browser warning messages we’re so keen to avoid. 

You could always move your site to a web host supporting Let’s Encrypt if you really want to save the money on the SSL/TLS certificate.

Analysis: Security Matters

Even if you’re running a simple site, go for https. It doesn’t matter that you’re not making electronic financial transactions through the site.

Think about email enquiry contact forms, user login credentials and members’ area data. When a user submits their personal information to your site, they want to know that it’s encrypted.

If you’re in a competitive niche, and your rivals have already added https to their site, arguably, they’ve got an advantage over you, however small, not only from a search engine ranking perspective but a peace-of-mind-for-visitors perspective.

The inevitable gold rush mentality of marketers trying to get any and all SEO advantages means that https is often added to a site with some naive assumptions. Don’t fool yourself into thinking this will make a huge ranking difference.

Consider https a minimum requirement in a world where hacking is the norm and security concerns are high on the agenda for consumers.

 

Related Posts

  • QR Codes Could Get the Chance They Deserve Thanks to iOS 11
  • Pssst! 16 Sneaky Snooping Tools for Spying on Competitors
  • How to Set Up Recurring Debit Card Payments with PayPal

Filed Under: Software, Web Development Tagged With: Chrome, Data, encryption, Google, http, https, Privacy, Security, Security Certificates, SEO, SSL, TLS, trust

About Small Biz Geek

I'm Darren, helping small businesses with design, marketing & tech.
Read more about me and follow me on Twitter.

Small Business Website Design

Do you need help with something web related?

To hire me see the page about my services.

Reader Interactions

Get Updated by Email

If you liked this article, consider subscribing to the RSS feed by email.
Your email address won't be shared. Read the privacy policy.
* indicates required field.
Are you human? (Spam check)

Comments

  1. Matthew says

    May 23, 2017 at 10:07 am

    Let’s Encrypt is excellent I’ve used it for a while now but I’m going to be selling online soon and want to know if I can continue using this or if I’ll need to buy a stronger certificate?

    Reply

Add Your Thoughts Cancel reply

Your email address is safe and will NOT be shared with anyone else.

Hateful, spammy or abusive comments will not be tolerated.

For more information please see the comment policy.

This site uses Akismet to reduce spam. Learn how your comment data is processed.

Primary Sidebar

About the Webmaster

Hello, my name is Darren, a 36-year-old business enthusiast eager to learn and do good work.

I’m a website builder for hire working with small to medium businesses.

Search Website

Let’s Connect

  • LinkedIn
  • Twitter
  • YouTube

Recently Read Book

Don't Make Me think - Steve Krug

“Don’t Make Me Think: Revisited” – Steve Krug (Book Review)

A person of average technical ability must be able to navigate your website easily. This is required reading for anyone wanting to create a better experience for their visitors…

Latest Journal Entries

  • Computer Says No: Does Your Website Work for People with Disabilities?
  • Chinese Tinder Profiles Are Using Photos of Pretty Girls to Scam “Investors”
  • Small Biz Owners “Trapped” Using Email Addresses Belonging to Internet Service Providers
  • In the Pandemic, QR Codes are Finally Proving Worthy in the West
  • Small Businesses Finally Start Marketing and All It Took Was a Global Pandemic
  • Unable to Meet in Person? Communicate Stress-Free with Online Audio/Video
  • UK Contractors Operating Ltd Companies Should Be Mad as Hell with HMRC and IR35
  • 20 Years On and Website Hit Counters are Still a Waste of Pixels
  • Competitors Can Easily Edit Your Google and Facebook Business Listings
  • Waiting on Final Images for a WordPress Website? Use Temporary Placeholders and Design Around Them
  • GoDaddy Loves Spamming Branded Footer Links to WordPress Installatron Sites
  • Dealing with Negative Comments on Your Paid Social Media Posts

Footer

Primary Navigation

Home
About Darren
Good Books
My Tools
Blog Posts
Hire Me
Contact Me

Secondary Navigation

The Internet
Marketing
Graphic Design
Website Development
Website Design
Social Media
Technology
Miscellaneous

Derby & Nottingham Area

Small Biz Geek
Office 897
109 Vernon House
Friar Lane
Nottingham
NG1 6DQ

Telephone

Tel: +44 (0) 115 714 3290
Tel: +44 (0) 7951 897 243

VoIP

Skype: ilkestonwebdesign
WhatsApp: 07519 897 243

Email

[email protected]

Let’s Connect

Twitter
YouTube
LinkedIn
RSS

Subscribe to Blog by Email

Subscribe to Blog By Email

Social Calendar

WordPress Nottingham Meetup
WordPress Derby Meetup
Genesis Framework by StudioPress


Copyright © 2021 · Small Biz Geek · Privacy Policy · Commenting Policy · Website Disclaimer · ICO number: ZA305900


Written and designed by Ilkeston Web Design

This site uses cookies More info