Why is an HTTP to HTTPS Website Update Required?

I created this page because I wanted to help people deal with the upcoming Google Chrome v62 release.

If your website is served on HTTP, you need to take steps right now to ensure it is served via HTTPS by October 17th 2017.

Google Chrome v62  will mark URLs served via HTTP as “Not Secure” when a user enters data into a form. In Incognito mode, the URL will be marked as Not Secure when the page is loaded.

This will not (currently) directly affect SEO / Google rankings, but it will affect your website’s conversions, revenue and lower the user’s trust in your brand / site / service / product.

#SEO #HTTPS #Redirects #SiteMigrations #WebsiteSecurity #DataPrivacy

Why should you care about HTTPS?

HTTPS Improves User Security and Privacy:

  • Information exchanged between your users and your website is securely encrypted and is private.
  • You care about your user’s information security and privacy, right?

Not being HTTPS Will Affect Trust, Conversions and Revenue :

  • Google Chrome will start to mark HTTP URLs as “Not Secure”,
  • The address bar will change as users type, or will be marked “Not Secure” on load.
  • Explicitly telling users that something is “Not Secure” will give them pause for thought.
  • This will affect trust – why would users trust a website marked as Not Secure?
  • This will affect conversions – why would users contact, bookmark, share, buy from, or transact with websites which are “Not Secure”?
  • This will affect revenue – if users have lower trust, and conversions are affected, then revenue will be negatively affected.
  • Note: HTTPS URLs will be marked as “Secure”.

Your Competitors May Be Securely on HTTPS

  • If your competitors are secure, and you are not, this will be a competitive edge for them.
  • After all, they show trust signals for their brand or site.
  • They will pick up sales abandoned from your site.

Return to Top

How will “Not Secure” be shown to users?

For websites on HTTP:

  • On page load, there is no marking in the browser’s address bar, just the “i”:

Google Chrome 62 Not Secure HTTP On Page Load

 

  • But, when the user types into a search box, address form, contact form, or any other form:

Google Chrome 62 Not Secure HTTP Form Example

 

  • The address bar changes to show the URL is “Not Secure”.
  • This movement will catch the eye and it will impact user’s trust in your website, product, or service.
  • This will affect website conversions and revenue.

Google Chrome 62 Not Secure HTTP Typing Triggers Warning

 

  • Let’s look at that in close-up, the image’s equivalent of slow-mo:

Google Chrome 62 HTTP Not Secure Warning

  • Do you want your users to be advised that your website is Not Secure?  

For websites on HTTP in Incognito mode:

  • The address bar will mark the address bar as “Not Secure” on page load.
  • No data needs to be entered into a form.

Google Chrome 62 HTTP Not Secure Incognito Mode

And if your website is already on HTTPS…:

  • You get the much-vaunted “Secure” marking….
  • Communications between  you and your users are secure and private.

Chrome 62 HTTPS Secure

Return to Top

Google Chrome 62 – What Will Happen?

What will happen:

  • Google Chrome will update to version 62.
  • For most users this update will take place automatically. Google Chrome will download, install and update without users needing to do anything.
  • The Chrome update will occur for desktop and mobile versions.

When will the Chrome 62 Update Occur:

  • Chrome 62 will be released on October 17th 2017.
  • Like most software updates, it will roll out over the following days.
  • Google Chrome will automatically update after this time.

Return to Top

HTTP vs HTTPS – What’s the difference?

What is HTTP:

  • HTTP stands for Hyper Text Transfer Protocol.
  • It is the method by which data is transferred between your website server and the user’s browser.
  • By default, this data  is transferred in plain text.
  • This data can include personal information entered by the user into search boxes, contact forms, address information.
  • This is not secure and the information is not private.
  • Anyone on the route between user and web server can intercept and read this plain text information.
  • This might include: cafe wifi, intermediate routers and servers, anyone really.
  • If you are using HTTP, information your users are sending to you is Not Secure and their personal information is not private.

What is HTTPS:

  • HTTPS stands for Hyper Text Transfer Protocol Secure.
  • In this instance, a secure, encrypted connection is established between the user’s web browser and the web server.
  • Any information transferred is encrypted and cannot be decrypted and read by anyone else along the way.
  • Only the web server can decrypt and read the information.
  • In order to for your website to be available on HTTPS, you need an SSL Certificate.
  • This is your full monty Wikipedia definition of HTTPS.
  • And some technical bobbins about HTTP.

What HTTPS is Not:

  • HTTPS is not a method of securing your website.
  • If you have open databases, or insecure forms, they will still be insecure.

Why the change from HTTP to HTTPS:

  • Google, and others, have long campaigned for websites to be served over HTTPS in the interests of user security and privacy. This is a good thing.
  • There is a very, very incidental boost to Google rankings if your site is on HTTPS, as it is viewed as a “trust” factor.
  • Most major websites, especially those serious about user’s security and privacy  have now transitioned to HTTPS.

Return to Top

Have you mentioned this before?

Previous Mentions of Chrome and HTTPS:

Return to Top

TL;DR

  • Update your website to HTTPS.
  • Update your website to HTTPS.
  • Update your website to HTTPS.
  • Update your website to HTTPS.
  • I could go on?

Return to Top