Google Chrome Set to Display ‘Not Secure’ Warning for Pages Running over HTTP
October 3, 2017 11:59 am
Earlier in the year, Google announced that it would move forward with plans to encourage sites and webmasters to use secure HTTPS pages.
In short, Google stated that come October, users accessing webpages with forms, login and other input fields would be met with security warnings. To be exact, Google said:
“Beginning in October 2017, Chrome will show the ‘Not secure’ warning in two additional situations: when users enter data on an HTTP page, and on all HTTP pages visited in Incognito mode.”
Chrome will display the ‘Not Secure’ warning on pages where credentials are required.
Final Warnings before October 2017
After the initial warnings, webmasters received emails via Search Console in August about the upcoming update.
For many websites, input fields are key to their everyday running. Whether it’s a newsletter signup, a user login or, especially, payment details, abandonment rates will likely rocket.
There surely aren’t too many people out there who would spot ‘Not Secure’ during payment and continue entering credit or debit card information.
This is only Phase 2 in the ‘Marking HTTP As Non-Secure’ project. Although there is no concrete time or date, the long-term goal is labelling all pages displayed in Chrome over HTTP as ‘Not Secure’.
Chrome’s Browser Market Share
Considering the fact that Chrome is by far the most used desktop web browser in the UK, there’s plenty of reason to tackle this potential issue before you start to lose users, visitors and customers.
Chrome enjoys a less significant, yet still hefty share of mobile browsing sessions.
All of this adds up to a pretty beefy share. That means that the majority of your website visitors probably use Chrome.
To find out for sure, check out the Browser and OS report in Analytics. You can find it under Audience and Technology.
Avoiding the ‘Not Secure’ Message
There are two options to resolve the ‘Not Secure’ message, but only one if you’re going to do it properly. The easiest, although not recommended in the slightest, is to redirect the window to a contact form on a page using the HTTPS protocol.
Of course, you’d have to be very careful with SEO and usability elements. Inconsistent protocols, indexability, crawlability and user experience can all impact the page, potentially damaging the work already carried out.
The other option, and the only one that you should consider implementing, is to migrate the entire site from HTTP to HTTPS. Even as far back as 2015 Gary Illyes, webmaster trends analyst, tweeted as an HTTPS advocate.
If you're an SEO and you're recommending against going HTTPS, you're wrong and you should feel bad.
— Gary "鯨理" Illyes (@methode) August 18, 2015
For those not paying attention back then, now is surely the time to at least consider the switch.
Your hosting company or site developers will be able to tell you exactly how to go about getting set up on HTTPS.
Switching isn’t a job that should be undertaken unless you know exactly what you’re doing. It involves configuring and editing a number of files with the potential to damage your site if incorrectly implemented, with risks including:
- Incorrect/Missing Redirects
- Incorrectly configured .htaccess file
- Outdated Sitemaps
- Outdated robots.txt file
- Incorrect Canonical Tags
- Missing Disavow File
In SEO terms, a switch to HTTPS can have a negative impact. You can probably expect to lose a portion of sessions and rankings as search engines crawl and index your “new” site. It shouldn’t take too long for your site to get back where it was, assuming all aspects have been completed effectively.
Ensuring a Smooth Transition
If you’re a little worried about Chrome warnings affecting your site, there’s no need to worry. SSL configuration isn’t a particularly time-consuming or expensive process.
It’s highly recommended, however, to audit a site before and after HTTPS migration. This can help to identify all pages, links, images and directives and make sure that everything that needs switching is present.
After migration, a page is only really deemed secure if all resources and files are referenced using a secure protocol.
Screaming Frog and similar web crawling tools can help to verify that internal links and image, style sheet and script links are pointing to HTTPS pages.
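The post-migration check described above can also be scripted. The following is an added example, not part of the original article or of any tool it mentions: a small Python audit that parses one page and lists the references that still resolve to plain HTTP (subresources, the canonical tag, form actions and same-host links). The page URL, hostnames and HTML are constructed sample values.

```python
from html.parser import HTMLParser
from urllib.parse import urljoin, urlparse
# Tags whose src attribute loads a subresource into the page.
SRC_TAGS = {"img", "script", "iframe", "audio", "video", "source"}

class MigrationAudit(HTMLParser):
    """Collects references on one page that still resolve to plain HTTP."""
    def __init__(self, page_url):
        super().__init__()
        self.page_url, self.host = page_url, urlparse(page_url).hostname
        self.findings = []  # (kind, tag, resolved URL)

    def _check(self, kind, tag, value):
        resolved = urljoin(self.page_url, value)  # resolves relative and //host URLs
        if urlparse(resolved).scheme == "http":
            self.findings.append((kind, tag, resolved))

    def handle_starttag(self, tag, attrs):
        a = {k: v for k, v in attrs if v}
        rel = a.get("rel", "").lower().split()
        if tag in SRC_TAGS and "src" in a:
            self._check("mixed-content", tag, a["src"])
        elif tag == "link" and "href" in a:
            if "stylesheet" in rel:
                self._check("mixed-content", tag, a["href"])
            elif "canonical" in rel:
                self._check("canonical", tag, a["href"])
        elif tag == "form" and "action" in a:
            self._check("insecure-form", tag, a["action"])
        elif tag == "a" and "href" in a:
            # Only same-host links are ours to fix during the migration.
            if urlparse(urljoin(self.page_url, a["href"])).hostname == self.host:
                self._check("internal-link", tag, a["href"])

def audit(page_url, html):
    parser = MigrationAudit(page_url)
    parser.feed(html)
    return parser.findings

# Constructed sample page, as it might look after an incomplete migration.
SAMPLE = """<html><head>
<link rel="canonical" href="http://www.example.com/checkout">
<link rel="stylesheet" href="/css/site.css">
<script src="http://cdn.example.net/lib.js"></script></head><body>
<img src="//img.example.com/logo.png"><a href="http://other.example.org/">Partner</a>
<a href="http://www.example.com/help">Help</a>
<form action="http://www.example.com/pay"><input name="card"></form></body></html>"""

if __name__ == "__main__":
    print(*audit("https://www.example.com/checkout", SAMPLE), sep="\n")
```

Relative and protocol-relative references inherit the page's scheme, so on an HTTPS page only the hard-coded `http://` references are reported.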
With Chrome showing ‘Secure’, rather than an undesirable ‘Not Secure’ message, users are far more likely to stay on your site and complete field inputs.
Like many of the major search engines, Google places great value on security. As we move forward, it’s almost a guarantee that we’ll see even more measures taken to encourage the use of HTTPS.
There aren’t many reasons not to switch now, though. After all, who knows what could happen to sites not using a secure protocol in the near future.
For more details on the ‘Not Secure’ warnings and information on HTTPS and switching, check out these resources:
- Google emails warnings to webmasters that Chrome will mark http pages with forms as ‘not secure’ – Search Engine Land
- HTTP to HTTPS: An SEO’s guide to securing a website – Search Engine Land
- How to Add SSL and HTTPS in WordPress – WPBeginner
- 40-Point Checklist for a Successful HTTP to HTTPS Migration – Cue Blocks
- The HTTP to HTTPs Migration Checklist in Google Docs to Share, Copy & Download – Aleyda Solis