Google continues to force users move their websites under SSL certificates. To improve their security or to get more money from paid ones? That’s not the point, as in any way setting up SSL for your website is definitely a good idea. It’s not just about a green bar to the left of your address & search bar, but also one of the necessary security measures to be sure that your data won’t be stolen by anyone.
Around 3 years ago, Google’s search engine started to give some so-called “search privileges” for websites with enabled HTTPS connection. In other words websites with SSL certificates were more likely to be shown on your search and more likely to be in the top of it.
As they said: “Over the past few months we’ve been running tests taking into account whether sites use secure, encrypted connections as a signal in our search ranking algorithms. We’ve seen positive results, so we’re starting to use HTTPS as a ranking signal. For now it’s only a very lightweight signal – affecting fewer than 1% of global queries, and carrying less weight than other signals such as high-quality content…” You can read about this in their blog.
And here comes a rumble! Starting from July 2018, Google Chrome will mark all non-HTTPS websites as insecure, just like they planned in September 2016.
Starting with Chrome 68, when you visit a website that uses old, boring, insecure and just really not interesting HTTP connection, your Google Chrome browser will show “Not secure” message to the left of your search & address bar.
“Chrome’s new interface will help users understand that all HTTP sites are not secure, and continue to move the web toward a secure HTTPS web by default.” – Google explained.
More than that beginning from Chrome 66, that will be released in April this year, when entering the sites with Symantec certificates issued before June 1st 2016 and after December 1st 2017 (and also if they are used as root ones – such certificates were issued by Thawte, GeoTrust and RapidSSL), Chrome will show a warning about insecure connection.
And beginning from Chrome 70, released in November this year, all Symantec certificates will get in Google’s disgrace. Same behavior will be added to Firefox starting from version 60, launched in May 2018.
Based on the information from StatCounter Chrome browser holds ~56% of the global browser market across all mobile and desktop platforms. So those websites, which will get under Google’s “Not securе” label, will be in kind-of-a-trouble, as all of that is very likely to be noticed by a great army of Chrome users. It’s hard to earn trust and confidence, but it’s very easy to lose, especially when one of the biggest world’s conglomerates says that you can’t be trusted anymore. 🙁
By the way, according to Google statistics: 81 from 100 top websites use HTTPS by default; over 68% of Chrome traffic on Android and Windows occurs over HTTPS; over 78% of Chrome traffic on Chrome OS and macOS and iOS surfs the net securely.
If your website is still working without SSL certificate you should think about getting one and installing it! And you should do that quickly if you don’t want to lose majority of networks traffic. By the way, in one of our previous posts we’ve shared an Ansible playbook for fully automated setup of free Let’sEncrypt certificate on your website. Go check it out!
We’ve have also developed a script for its auto-update that will be automatically triggered when the cert is going to expire. Contact us if you’re interested!