Earlier this year, Google’s official security blog announced a startling new requirement for website hosting and users. The company disclosed, “‘Starting January 2017, Chrome 56 will label HTTP pages with password or credit card form fields as ‘not secure.'” The change impacted countless website owners, even those who do not collect data from their visitors.
What are HTTP pages, aside from the start of a website address? What qualifies as website as secure or not secure? How will this development influence your traffic and market?
To begin, HTTP
- stands for HyperText Transfer Protocol
- is a non-secure connection to a server
- describes the flow of data from a user to a web server
- does not contain encoding to protect this data
- can be breached by hackers to steal information
- is the standard state of a website before owners get an SSL
An SSL, or Secure Socket Layers, is the type of encoding technology that a website owner can purchase to encrypt data. It is called an SSL Certificate and can be setup for one’s site with the help of a developer. Once a website has an SSL Certificate, it becomes a secure website. Obviously, the Internet would be a dangerous place if, say, major financial institutions were HTTP websites. If they are not HTTP websites, then what are they? They are sites that use the HTTPS protocol Google requires.
What are HTTPS pages? HTTPS are
- known as HyperText Transfer Protocol Secure
- a type of 256-bit encryption that codes data entered on a website by a user
- a security measure employed as the information passes to the server
- the type of web connection that Google has mandated
Therefore, the difference between HTTP and HTTPS websites, aside from the fact that one starts with “http://” and the other is “https://s” is the level of security. HTTPS is the more secure and preferred type of website. The reason for this distinction is important because a good business owner does not want their users to fall prey to hackers during sales transactions or have sensitive data stolen by unauthorized parties. Google Chrome now displays warning dialog boxes if a website is non-secure and indicates this near the website address atop a page with an unlocked icon. According to their Security Blog, the reason for this change was that “studies show that users do not perceive the lack of a ‘secure’ icon as a warning.”
Now, let’s circle back to the question of what this means for one’s website traffic, or the popular websites you might use to run an online shop. A user does not want to lose their information, so would be less likely to visit a site with a big warning sign on it. These websites will, consequently, lose traffic and fall in the site rankings.
Here at Summit Website Design, we have followed which major websites follow this protocol already. We studied whether Adobe Business Catalyst, Magento, Shopify and WordPress have adopted the new protocols. We started with some research on the popular web-hosting domain, Adobe Business Catalyst. As of May 2017, BC now offers SSL certificates to all their customers. As of August 2017, Adobe Business Catalyst automatically provides SSL certificates to customers when they upgrade their website to include a shopping cart and online store.
Similarly to Adobe Business Catalyst, the web hosts Magento and Shopify have also complied with Google and allows website owners to configure their websites with SSL certificates. They simply have to access their Dashboard and update the configuration options. WordPress allows users to configure a HTTPS web address if they have purchased the proper SSL.
We will keep you updated as more developments occur. Contact us here if you have questions or need help with SSL certificates.