When a website shows a ‘Not Secure’ warning in Chrome it is because your site does not use a secure connection. That is, your site uses an HTTP rather than an HTTPS connection. In other words, Chrome alerts visitors that your site does not use an SSL Certificate to encrypt the connection between their device and the website’s server.
Benefits of HTTPS over HTTP
Okay, so why is Google showing not secure warnings in Chrome?
Primarily to encourage better security of data moving around the Internet.
HTTPS adds security in three main ways:
- It verifies that you’re on the website you expect to be on
- It prevents tampering by 3rd parties, thus it stops Man-in-the-middle attacks
- HTTPS encrypts all communication, including URLs, which protects data such as like browsing history and credit card details
What is HTTPS Anyway?
‘HTTP’ stands for ‘hypertext transfer protocol’. Your browser, such as Chrome, uses HTTP when communicating with websites. The ‘S’ at the end of HTTPS stands for ‘secure’. Often, websites using HTTPS use SSL (Secure Sockets Layer) to encrypt communications with the server. HTTPS is important for you as a website owner and as an Internet user.
Firstly, you can have more confidence that the site you’re visiting really is the one you intend, rather than an imposter. For example, when visiting your online bank, your web browser checks the website’s security certificate and verifies that it is legitimate. Therefore, if you see ‘https://bank.com’ in your browser, you can be confident that you’re actually connected to your bank’s real website.
Secondly, if you send sensitive information over HTTPS, no one can eavesdrop on it. In other words, it is HTTPS that makes your online shopping safe and secure.
Lastly, HTTPS enhances your privacy. For instance, Google searches now default to HTTPS. This means that other people can’t see what you’re searching for. Prior to wider use of HTTPS, anyone on the same Wi-Fi network could snoop on your online activities, as could your Internet service provider.
When Did the ‘Not Secure’ Warning in Chrome Begin?
Until relatively recently, it was commonly assumed that only websites that collected or shared sensitive data required a secure connection. For example, ecommerce sites that store customer details and transmit data to payment processors. However, with growing concern about how personal data is collected and stored by websites, comes greater attention to ensuring the integrity of individual websites. Google’s ‘Not Secure’ warning in Chrome is one manifestation of this trend.
From 24 July 2018 and the release of Chrome 68 all websites not using a secure connection are marked as ‘Not Secure’. Chrome has followed a gradual process in pushing the Internet towards full use of secure and encrypted HTTPS connections. Firstly, from the January 2017 release of Chrome 56 a ‘Not Secure’ warning appeared on any HTTP sites collecting passwords or credit card information. Next, the Autumn 2017 launch of Chrome 62 marked any HTTP site that collected any text input as ‘Not Secure’. For instance, a simple contact form submitted over HTTP rather than HTTPS. Finally, as of this summer Chrome shows the ‘Not Secure’ warning for all sites using HTTP rather than HTTPS.
How Does the ‘Not Secure’ Warning in Chrome Affect My Site?
So Google is pushing hard for sites to use HTTPS. Does that mean I can get my site to rank better with HTTPS?
Yes, and no. While an HTTPS connection can given a minor boost to your SEO, it isn’t a silver bullet. Let’s look at this in wider context.
SEO is a multi-faceted issue. Asking if HTTPS will make your site rank belies the fact that pages rank, not sites. In other words, creating well-crafted content that is organised in an excellent structure are far bigger SEO considerations than HTTP vs. HTTPS. Considering how to build community and authority around your content is a much harder, but ultimately more effective means to develop your SEO.
With that in mind, there are some good practical reasons to make the switch, if you haven’t already.
1. HTTPS as a Ranking Signal
Google stated in 2014 that content served up by HTTPS will have some preference over HTTP content. While HTTPS can help boost your content’s SEO, it seems only a slight advantage at this time. Nevertheless, in competitive keyword niches, every little helps!
2. Referrer Data
Next, when traffic passes to an HTTPS site, the secure referral information is preserved. In contrast, when traffic passes through an HTTP site, this information is stripped away and looks as though it is ‘direct’. Therefore, preserving referrer data aides you in analysing and improving your site’s traffic.
3. Enhanced Security
Internet users show increased awareness of how personal data is collected, stored and shared. Scandals such as Facebook and Cambridge Analytica, Russian hacking of Brexit and the 2016 American election urge Internet-users to think carefully about what and how they share online. Moreover, EU passage of the GDPR (General Data Protection Regulation) has global implications for how sites handle personal data.
In this climate, the ‘Not Secure’ warning in Chrome can undermine your users’ confidence. While a secure site displays a reassuring ‘Secure’ message to visitors, sites on HTTP are hit with a red ‘Not Secure’ warning. This has clear implications for building confidence around your site and your brand.
Secure Your Site For Free
The good news is it has never been cheaper and easier to get an HTTPS connection. In the past, SSL certificates could be expensive and difficult to implement. This is the main reason a minority of sites opted for them. However, with the development of Let’s Encrypt, HTTPS is much more attainable. While there are a number of technical and SEO challenges to switching to HTTPS, it is a well-trod path. Skilled developers and SEOs can follow standardised processes to ensure your site’s migration goes smoothly.
Need help going from HTTP to HTTPS? We offer Managed WordPress Hosting with Let’s Encrypt as standard. Contact us anytime to discuss your requirements.