Another Google update is on the horizon. In October, the tech giant will release an update to their Chrome browser, and it could have a big effect on your conversions. When it comes out, the new “Chrome 62” will alert users when they type in any kind of information on a page with a non-secure HTTP connection. If you haven’t switched to HTTPS yet, this could be worrisome news for your business. Here’s what you need to know:
Google’s Push for More Security
Google has been nudging webmasters towards improving their online security for a while now. Back in 2014, Google made HTTPS a ranking signal, so more secure sites tended to rank higher than sites using HTTP, and in January 2017, Google released Chrome 56, which warns users when they input credit card information or a password on an unsecured HTTP site.
But Google isn’t finished yet. Chrome 62, which is scheduled to come out October 17, is going to ramp up the security warnings even more. After the release, Chrome users will see a “Not secure” warning message whenever they type anything into a form field on an HTTP page. This includes fields like search bars and lead capture forms. Below is an example of the “!” you see to show you that you’re on an unsecure site:
Chrome 62 will warn users that a site isn’t secure when they type information into any form field. Chrome will also start displaying a warning on all HTTP pages in incognito mode. Many people mistakenly believe that incognito mode keeps information safe from hackers, but it doesn’t – it just disables your browser from storing anything in your history or cache.
When Chrome 62 comes out, any non-secure form fields in incognito mode will load with a “Not secure” warning. Eventually, Google plans to include a red triangle with an exclamation mark along with its warning that a page isn’t secure. This change will happen in future releases, not Chrome 62.
Note: Eventually, Chrome will start displaying a scarier-looking warning on HTTP pages.
These changes are having a major impact on Chrome users’ behavior, as well as websites’ traffic. According to Google, there has already been a 23% reduction in traffic to HTTP pages requesting credit card information or passwords. With the next wave of changes, traffic will probably take an even bigger hit – unless webmasters take action now.
HTTPS: What Is It and Why Does It Matter?
At this point, if you aren’t fluent with technology, you might be wondering what exactly HTTP and HTTPS are. What’s the difference between them, and what’s wrong with HTTP?
- HTTP stands for HyperText Transfer Protocol.
In a nutshell, it’s a method for sending information between two devices. For example, when you go to a website, HTTP is the procedure that sends the information from the web server to your browser.
The problem with HTTP is that it’s not very secure. Hackers can intercept and read any data sent through an HTTP connection. Obviously, this is a huge problem if you’re sending sensitive personal information like passwords, credit card numbers, or social security numbers. Enter HTTPS.
- The extra S on the end stands for “secure.”
HTTPS encodes all of your data before sending it, so if hackers got their hands on your information, they would just see an unreadable string of gibberish. HTTPS encrypts data with the help of two other protocols – SSL, which stands for Secure Sockets Layer, and TSL, which stands for Transport Security Layer.
You can tell whether a site uses HTTP or HTTPS by looking at the URL bar in your browser. If the site is using HTTPS (and therefore secure), you’ll see a padlock symbol on the left side of the bar.
Chrome’s new security features are making internet users more safety-conscious. In the past, it was easy to just not notice whether a site was secure. Ever since Chrome 56 came out, though, it’s much more obvious when a site might not be safe. That’s driving a lot of people away from sites that haven’t upgraded to HTTPS yet – nobody wants their information to be compromised.
How Can You Avoid Taking a Hit?
If you’re already using a secure page to ask visitors for any sensitive information, such as payment information, you’re OK for now. But in October, you’ll need to make sure your whole site is secure. If you’re still using HTTP when the update happens, any kind of form field – like a search bar or an email opt-in form – will flag your site as not secure. This can do a lot of damage to your credibility, and you’ll probably see a steep drop in your conversions and new leads.
The solution is simple: make sure you’re using HTTPS by the time October rolls around. Using HTTPS is just a good practice anyways. It increases customer trust, and it could give your rankings a boost. And, of course, security is a must if you ask your visitors for personal information.
Should you migrate your site to HTTPS by yourself? That depends. It’s possible to do the job on your own, but if you aren’t familiar with how the process works, you might find yourself feeling lost or overwhelmed – or, worse, unsure of how to fix something you broke. If you’re worried about that happening, it’s best to ask your web developer to help you, or hire someone specifically to migrate your site.
If you’d rather make the switch yourself, here’s an overview of what you’ll need to do:
- Obtain a SSL certificate. You can get one for free from Let’s Encrypt.
- Make sure your server is correctly configured for the update.
- Install your security certificate.
- Set up 301 redirects from old http links to new https links. That way, people who follow old links to your site from around the Internet don’t end up at a broken page.
- Update your business’ social media pages, your Google Webmaster Tools account, and any other links around the Internet to reflect your new URL.
After you migrate your site, you might see some fluctuations in your rankings, but those should even out after several weeks. If you can, make the switch to HTTPS at a low-traffic time. That way, Google will be able to index your updated site faster, and your rankings will stabilize sooner.
Google has released a guide on updating your own site to HTTPS. If you’re planning to make the switch by yourself, it’s a good idea to familiarize yourself with the process ahead of time. You can find the guide here.
For webmasters who aren’t using HTTPS yet, the time to take action is now. Otherwise, your conversions (and your reputation) will be in trouble come October. Luckily, there’s still plenty of time to migrate your site and avoid any negative repercussions of the change. If you still need to make the switch to a more secure site, do it sooner rather than later, so you can work out any snags well before Chrome 62 is released.