Google Chrome users will soon begin seeing a grayed out “Not Secure” message in the address bar when entering text into input forms on all sites that use HTTP instead of HTTPS. The “Not Secure” message may not seem like much, but it can be a red flag to website viewers that any information they enter could be stolen by hackers.
Input forms include any text input boxes. It could be a form for submitting an email, or something as simple as a search box. Additionally, all Chrome Incognito mode users will see the “Not Secure” message on all non-HTTPS web pages.
For website owners, an audit of all pages that could be affected and a switch from HTTP to HTTPS hosting is the most effective strategy. Not doing so could risk a dip in traffic and especially in form submissions. Your entire strategy for capturing user info, like emails or encouraging more time spent on your site, could collapse.
Don’t let this happen to your business! You can read the following information to learn how to switch from HTTP to HTTPS as well some background information on why the switch is important.
Why Is Google Making This Change?
Google is likely making the switch to a more blatant notification system for the sake of user experience. In an era filled with high-profile hacking incidents and data breaches, Chrome users are concerned about their privacy and data security.
HTTPS-hosted sites use encryption and SSL certificates to be more secure, so Chrome can assure users that any data they enter will be protected, even if it’s something as innocent as a search query.
Since Chrome Incognito mode users are likely to be even more concerned about security and privacy, the mode flags all HTTP sites as “Not Secure” regardless of their content. Expect that to be the norm as Google moves forward. When Google first announced the Chrome change a few months ago, they indicated that all non-HTTPS websites could soon be marked as “Not Secure” to all users.
Additionally, Google has been bumping the ranking for sites that use HTTPS instead of HTTP, so making the switch can be beneficial for your site’s SEO.
Should My Business Care About the Change?
Absolutely! Firstly, Chrome is the most popular web browser of all time. The company surpassed a billion desktop and mobile users years ago, and they command a 45 percent market share. Ignoring the message could potentially cause a significant portion of your traffic to drop off.
Secondly, people care about their data privacy in this day and age — a lot. In a recent survey, 89 percent of respondents said they would avoid doing business with companies that don’t protect their privacy. Seventy-four percent also said they stopped doing certain online activities for fear of how their data can be accessed and used.
While a simple “Not Secure” message may seem harmless, it can send signals that the company does not care about user security or privacy. People have heard many news stories over the past few years about data breaches revealing everything from customer SSNs to bank account numbers.
Ignoring the change could easily cost you customers. And, should something bad happen, the damage control will be much more difficult with a company that sends “Not Secure” messages to its website visitors.
What Is the Difference Between HTTP and HTTPS?
Getting down into the technical details of the difference between HTTP and HTTPS could fill a college course textbook, but it can be summed up as follows: HTTPS is encrypted, but HTTP is not.
Encryption is a method of disguising a message using a code. A simple encryption cipher would be to replace each letter of the alphabet with the one after it, so the word “BANANAS” would turn into “CBOBOBT”.
Modern computer encryption codes are much harder to figure out than that simple cypher, though. Someone would need a “key,” which instructs an application like a browser on how to decrypt disguised information. Usually, there are two keys, a public key that encrypts data from all users and a private key — that only the website owner has access to — that can decrypt the data.
Online, encryption comes in the form of SSL certificates. These certificates verify the identity of the website owner and that the domain name used for the site is connected directly to the owner.
By requesting domain-level SSL certificates, a website owner or business owner can encrypt all data sent between users and the company, protecting it. In turn, browsers see the padlock icon in their browser bar along with green text and other possible security indications, making them feel more secure while browsing.
How Do I Switch From HTTP to HTTPS?
The simple answer is to obtain an SSL certificate for your website domain. By working with the SSL company, you can verify site ownership and general security practices to get permission to safely encrypt your data and display the HTTPS identifier at the beginning of your site’s address.
You then have to switch your webpage settings from HTTP to HTTPS and ensure that all website links reflect the change. You can also set up 301 redirects that notify browsers of the address change so that all bookmarks and copied link addresses automatically redirect to the proper site.
Making this change requires several other actions to complete, most of which require a bit more know-how than the typical business owner has. Luckily, your website hosting company can likely make the switch for you as part of a package deal. Review the terms of these packages carefully, and ensure they offer everything you need. An ideal package contains:
- Encryption installation
- Mobile and browser compatibility assurance
- A dynamic site seal
What Are the Different SSL Products Offered?
You can choose from several options for using SSL certificates depending on your business’ needs. Most small businesses only need the “standard” SSL. This changes their addresses to HTTPS and adds the padlock icon in the address bar.
“Wildcard” SSL allows you to add subdomains to your package to extend the number of web pages that are encrypted. For example, a standard encryption might only cover websites for the domain www.cityvillebikeshop.com, while a wildcard SSL product might also cover www.rentals.cityvillebikeshop.com. Finally, there are multi-domain SSL certificates covering multiple sites under one owner.
Within these products, there are additional qualities to choose from:
- Domain validation is the most basic level of verification, which ensures SSL certificates are active and the HTTPS encrypted protocol is being used.
- Organization validation adds additional ownership indicators to more strongly link the SSL certificate and its covered site to the website owner.
- Extended validation requires complete ownership rights to the domain name, and it adds the company name and a more-noticeable green logo to the address bar.
Most small companies only need standard or wildcard SSLs with the simplest domain validation, and some may wish to step up to organization validation. Review your needs closely with your SSL provider and web hosting company to determine the optimal arrangement for you. If you have any additional questions about making the switch from HTTP to HTTPS, you can review this informative post from Small Biz Trends.
Adding SSL and HTTPS security to your site is a big gesture towards your customers and a future-proofing measure for later SEO changes. Don’t be afraid to make the jump — both you and your customers will be glad you did!
About the Author
Proud father, husband, and corgi-owner. I’ve been working in SEO Industry for more than ten years now. Product Manager at Seomator