All HTTP Sites Marked NOT SECURE July 2018

UPDATE 13.02.2018 >> The latest from Google is that with Chrome 68 in July 18, all HTTP sites will be marked as [NOT SECURE].

Beginning in July 2018 with the release of Chrome 68, Chrome will mark all HTTP sites as “not secure”.

Back in 2014, Google has announced HTTPS as a ranking signal, at the time my reaction was, well like that of most people, so what, it is just negligible and virtually impossible to attribute any SEO advantage to https, or to any other single factor for that matter.

I have at least 10 other things I can think of that are a priority… forward to 2017 and that’s not so anymore, Chrome will eventually between January and December 2017 mark all HTTP pages as “Not secure”. In red for good measure.

In following releases, we will continue to extend HTTP warnings, for example, by labelling HTTP pages as “not secure” in Incognito mode, where users may have higher expectations of privacy. Eventually, we plan to label all HTTP pages as not-secure, and change the HTTP security indicator to the red triangle that we use for broken HTTPS.

SEO benefits aside it seems clear, in terms of conversions there is really no choice. If you want to understand this further, head here Moving towards a more secure web, and in particular for any sensitive data collection websites, this is now a must.

From January Chrome now marks HTTPS pages as SECURE

We’ve seen major cloud services and even wordpress.org already adopting https by default for all users in late 2016, as well as the emerging of Free SSL services such as Let’s Encrypt. So it is now easier and possibly cheaper than ever to move to HTTPS.

A note on the use of free SSL certificates, they are just as good or effective as paid ones, most hosting companies will charge a fee for installation of the third party certificates.

Moving to HTTPS SEO considerations

For Google bot, or for Google in plain English, http://somesite.com is not the same as https://somesite.com. Thus, you need to plan ahead and do the transition properly, not just in your site and URL structure but also in Google Analytics, Google Search Console and any other services you use such as CDNs and any other tools.

Get this wrong and your SEO can go down the drain and become difficult to recover from.

WordPress SSL and upcoming features

WordPress is like the China of the internet, over one in five sites is WordPress. In the post below WordPress has announced that they will only promote hosts with SSL by default this year. And compare SSL to javascript, so pretty much a must have.

We’re at a turning point: 2017 is going to be the year that we’re going to see features in WordPress which require hosts to have HTTPS available. Just as JavaScript is a near necessity for smoother user experiences and more modern PHP versions are critical for performance, SSL just makes sense as the next hurdle

Read more Moving Toward SSL.

Other things to watch from WordPress are PHP7, but that’s a separate matter, although if your host offers it, you should move to it as performance is significantly improved. That might be your WordPress resolution #2.