If you have a website without the HTTPS protocol, you should have received an email recently telling you that Google Chrome will show a security warning to your site visitors starting in October. Uh-oh, and now what do you do?
What is HTTPS?
Google explained: “HTTPS (Hypertext Transfer Protocol Secure) is an internet communication protocol that protects the integrity and confidentiality of data exchanged between the user's computer and the site. Users expect a secure and private online experience when using a website. We encourage you to adopt HTTPS in order to protect your users' connection to your website, regardless of the content on the site.”[i]
Simply stated, HTTPS is a more secure way to serve web pages than HTTP (Hypertext Transfer Protocol). To enable HTTPS, your site needs an SSL (secure socket layer) security certificate and capable hosting service. Many hosts offer HTTPS/SSL as part of their service package either free or for a nominal charge (about $100 per year).
Will my site show a warning?
Look for the locked green padlock. Warnings will initially only show on websites viewed using Google Chrome browsers for sites (or pages) that include any form field and are not HTTPS. That means any text field may trigger a security warning, including a search box or donate button or email subscription form. Currently, Chrome is the most popular web browser with over 45% of market share.[ii]
It is likely that Google will eventually require HTTPS for any site pages on Chrome, even without fields, as they try to make surfing the web safer and more secure for Chrome users.
Other browsers are likely to follow in Google’s footsteps and increase security warnings for sites not using HTTPS.
How to implement HTTPS
Check with your website host or software company
Start with your website host or CRM software company if they include hosting. They may have free or low-cost domain SSL certificate service for your website hosting. If your hosting service does not offer security certificates, you may need to purchase a third-party certificate or consider changing hosting provider.
Use a third-party certificate service
You can purchase and install (you may need tech support assistance) a third-party certificate. Third-party certificates may be more expensive but often offer a more robust service.
Do I need a new website?
While Google considers HTTP and HTTPS different websites, and it is possible to have different content or websites on each, you should not need a new website. It is common to change a website from HTTP to HTTPS and update Google settings using site move.[iii]
There are many steps to changing a website to HTTPS, but the basics are implement HTTPS using an SSL certificate, require HTTPS to view your web pages, and create redirects from the HTTP address to the HTTPS address. You will also want to submit a new sitemap to Google Search Console (previously known as Webmaster Tools).
What to do now
- Evaluate your site to see if you need to do the upgrade immediately. If you have any forms, entry fields, or buttons on your site and you do not see the HTTPS 'green padlock' in your browser URL window, then it is likely you should upgrade before October.
- Determine the services available from your current host or software provider.
- Plan the best approach for your website, and if you’ll need assistance.
[i] HTTPS, https://support.google.com/webmasters/answer/6073543