Google Requiring Sites to Have Secure Certificates
Did you know that if you are accessing a website over HTTP, it is actually quite easy for others to ‘listen in’ on the information that the website is sending to you and vice-versa – especially if you are using a wireless connection. HTTPS traffic is, by comparison, relatively secure because the data is encrypted – but HTTP traffic is sent in plain text, which means that anyone that can ‘read the packet’ can read the data. Imagine that you’re staying in a hotel, using the wireless connection that the owner provided. Do you know for sure that the owner isn’t spying on your communications?
Most of the major websites now use HTTPS by default, but a lot of smaller websites do not – and a lot of web hosts don’t even offer SSL certificates by default, so if you aren’t proactive about setting it up there’s a high chance that your website won’t actually have it. Alternatively, you may have an SSL certificate, but not require that it be used – and therefore if you aren’t linking to your site using HTTPS, or redirecting users/making sure that HTTPS is the preferred way of reaching your site, then you may have a huge number of users who are accessing your site in a less secure way.
Google has provided webmasters who use HTTPS with a ranking bonus since mid-2014. The benefit to webmasters who have secure certificates has, until recently, been just one small signal in a huge pool of signals, and possibly not enough to make anyone want to force SSL on, or to make it worth someone who does not have SSL bothering to get a certificate – especially if their site is a static website that does not collect login details. However, that does not mean that it is not worth using SSL. Today, there are plenty of websites that offer free SSL, so you can get your site set up properly without too many problems.
Indeed, it may well be worth setting up a secure certificate for your website sooner, rather than later, as Google is already making a number of moves to push users to get certificates for their sites. The search giant already plasters a large “Not Secure” warning on the address bar of sites that do not have a secure certificate if a user attempts to access that site via Google Chrome. This is just one move towards pushing webmasters to invest in SSL, and it’s likely to be the first of many changes as Google knows that it has the power to push webmasters to make the web ‘safe by design’.
There’s no date set for “securegeddon”, yet, in the way that Google warned webmasters of Mobilegeddon – but insecure sites are being penalised to an extent, so it makes sense to make the steps to make your site more secure if you can – after all, there are free SSL options available, and even premium ones for online stores don’t have to cost the earth. If you accept any data from users on your website, then you owe it to them to protect their privacy and use SSL. It’s good practice, and it will impress tech-savvy users, while also ensuring that should there be any huge changes to the algorithm in the near future, you will not be caught off guard. Ask your web host today for some tips so that you can get your site set up in the most secure way possible – it will pay off, and your users will thank you for it.