SSL-mageddon: Google Warning Sites Without HTTPS
We’ve been warning users about the impending doom regarding their websites and security, and today, Google has started their campaign to notify webmasters too. HTTPSmageddon, HTTPS-mageddon, SSLmageddon or SSL-mageddon – whatever way you want to say it, the storm has arrived!
I’m going to use SSL-mageddon, it just looks nicer! 🙂
What’s Happening? When are we required to move to HTTPS?
Since 2016, Google has been encouraging users to move to an HTTPS encrypted site, as part of their “HTTPS Everywhere” campaign. In September 2016, Google made their announcement that beginning in January 2017, and Chrome 56, Google would start marking pages that collect password information or credit card information as “Not Secure” in the web browser. You can read the entire Google Security Announcement here.
Essentially, it started with a basic non-secure notice with just an exclamation mark in a circle in the URL. Users would click on it (most users don’t) for more information on what’s being collected by the site. Here’s what that image looks like:
Unfortunately, most users didn’t click on it, and the “warning” was just an exclamation mark in a circle and was very muted leaving everyone no longer paying attention to the notice.
With the lack of response, they were looking for, Google then upped their game and started to show an even more obvious notice in the URL. This time, replacing the exclamation point and circle with the words “Not Secure” in either plain text or as they originally proposed, in nice red letters:
At Big Red SEO, we know and understand the reason behind most requests search engines and decided to up our game purchasing the next level of SSL by using an EV-SSL (Extended Validation). This type of license has a few more loops to jump through when going through the purchasing an SSL process, not the least of which is verification of a business license and a notarized letter from our attorney and accountant.
You can see this in our URL at the top here on your browser. If you click on the company name, you’ll get more information about us:
While more expensive, up to 10 times more expensive than a basic SSL Certificate, it’s something that I used when I ran a web hosting company and strongly recommend on E-Commerce Websites as it provides more information to the user. The more information you can provide, the easier it is to make the end user feel secure and, of course, makes the conversion of a sale higher.
Google Is Putting You On Notice – Deadline October 2017
Starting Today – 8/17/2017 – Google has started sending email notifications to webmasters via the Webmaster Search Console, or the Webmaster Control Panel, to let them know that their site is currently insecure, and will have issues when a new version of Chrome is released (Chrome 62 – in October 2017).
Here is what the email from Google looks like (areas blurred out for client privacy):
If you haven’t received this notice yet, you should receive it shortly.
If you’re not using HTTPS and have a contact form, of any kind on your website, you better be on the lookout sooner rather than later as this is not a deadline you want to miss.
So There You Have It! Make Sure You Install An SSL!
At Big Red SEO, we’ve been notifying clients for over a year that this day was coming, but now we’re down to the final stretch. So, if you’ve not taken the steps needed to get an SSL purchased and installed, this is your final warning that you’ve got the best part of 6 weeks to get your website in order.
There are many places that you can get an SSL Certificate, and we cover it all here in this article & Video – “SSL Certificates, HTTPS & Security.”
As an added bonus, back in 2014, we reported how Google was giving a boost to websites that move to the HTTPS enabled websites. You can read that article here: “Google Says Move To HTTPS For Better SEO.”
No Idea What To Do? We Can Help!
With nearly 20 years experience in the web hosting business, I’ve installed hundreds (maybe thousands) of SSL Certificates for clients. There’re free ones, paid ones, and then expensive ones to pick from.
For MOST people, the basic Free SSL option is all you would need. The free option will depend on your web host provider. If a FREE SSL is not available from your web host company, you’re generally looking at between $15-25 per year for a certificate.
At the end of the day, Google wants to provide a secure surfing environment for internet users. Whether you go with an EV SSL, a Paid SSL or Free SSL, the important thing that Google is looking for is the Green HTTPS in the browser window (see below):
Are you seeking more information than what’s listed above, if so, be sure to read our article “WordPress Will Require PHP to Operate.”
Need us to help you install an SSL? Not a problem. Just drop us a note via our Contact Form, and we can chat.