According to a blog post by Chrome security product manager Emily Schechter, Google will soon begin to mark all HTTP sites as “not secure”in Google Chrome.

The change will take effect in July 2018 with the release of Chrome 68. According to the post, “Chrome’s new interface will help users understand that all HTTP sites are not secure, and continue to move the web towards a secure HTTPS web by default. HTTPS is easier and cheaper than ever before, and it unlocks both performance improvements and powerful new features that are too sensitive for HTTP.”

The implication is that Google is actually taking the security of the web really very seriously and will be down-grading insecure sites in the ranking on its search engine result pages.

The Chrome team said in the announcement that it was mostly brought on by increased HTTPS adoption. Eighty-one of the top 100 sites on the web default to HTTPS, and a strong majority of Chrome traffic is already encrypted. According to Google, “Based on the awesome rate that sites have been migrating to HTTPS and the strong trajectory through this year,” Schechter said, “we think that in July the balance will be tipped enough so that we can mark all HTTP sites.”

HTTPS encryption protects the channel between your browser and the website you’re visiting, ensuring no one in the middle can spy on what you’re doing. Without that encryption, someone with access to your router or ISP could intercept information sent to websites or inject malware into otherwise legitimate pages.

HTTPS has also become much easier to implement through automated services like Let’s Encrypt, giving sites even less of an excuse not to adopt it. Google pointed to its own Lighthouse tool, which includes tools for migrating a website to HTTPS.

Also read: How to Install an SSL Certificate in cPanel

Read also: SSL Installation: Common Problems and Solutions

How Does This Change Really Affect HTTP Websites?

To understand how this will work, it is really important to tr to do a visual presentation of what Google intends to do.. Take a look at the presentation below:

Not Secure

The presentation above is exactly what Google is trying to do. The implication is that b default, buying a domain name has to go with buying an SSL certificate to avoid Google marking it as an unsecure site. Does it matter of Google marks a website as unsecure you may want to ask. The answer is yes. In a world where internet users have become increasingly aware of the insecurity of the web, being marked as "insecure" will certainly impact visitor traffic. Infact, a website will increasingly be blacklisted by users once marked as insecure. This will certainly hurt website reputation and truly slim down the chances of an success. So start thinking of getting an SSL enabled on your site now if you have not.

Also read: How to renew an SSL certificate

Understanding How SSLwork

To understand how SSL work for websites we will use a mundane example. Lets look at the relationship between keys and doors. SSL are like keys to doors. Once locked with keys a door cannot be opened until the keys are brought to open the doors. In the same way that we use keys to lock and unlock doors, SSL certificates use keys to validate and protect our sensitive information transmitted through the web. A certificate signing request or CSR must also be created on the server. This creates a pair of public and private keys. The public key encrypts (lock) the sensitive information, whilst the private key is decrypts (unlock) the information provided and restore it to its original format so that it can be read.

Why are SSL Certificates Important?

When you use a website, information continue to fly around over the network.  For instance, when you fill in a contact form or simply click a link a small packet of information in text format gets sent over the network by your computer.  Similarly, when you put your email address into a contact form and submit, the packet of information (very similar to a plain text file) will contain your email address within it.  This packet will then get sent to every machine on the network. If you happen to be using wireless then this information will be sent over the air.  This means that anyone can sniff the air or plug into the network and read these unencrypted packets of information. If this information is simply a request to go to another webpage it’s probably not a problem. Sometimes, the information will contain a credit card information, especially when you have submitted a purchase order online,, in such cases, then there is the possibility that a serious can occur.

This has really become a serious problem for website users and more and more websites have switched to the https protocol especially e-commerce stores. Unfortunately the internet is still predominated by websites running on the http protocol which is not secure by default, https however is secure because each of these packets gets encrypted before it is sent, meaning only the intended recipient can decrypt and read the message.

While some websites can run on the http protocol without much eye brow raised, there are a number of cases where the use of SSL security is very important. Let us take a look at some of them:

  • Online payments: – Flowing from the explanations we have given above, you will agree running an online store without SSL is certainly going to affect patronage and is sure to collapse the store. A secure connection is required for websites that take any form of online payments, be it through credit card payments or third-party payment processors such as Worldpay or PayPal.
  • Data security: SSL is strongly required for data security. Taking our example of using online forms further, there are cases where you have to register on an online store.. We understand that a lot of users will maintain a single password for all their we registrations including their internet banking credentials. If data is not encrypted and gets to a mischievous user who also gets your other details like emails, that means you can be in real trouble. It is the reason we recommend different password for different account and we also advice that passwords be changed quite often. SSL encryption allows for the safe passage of secured information, blocking it from any potential third-party access or unwanted hacks. If your website encourages its visitors to sign up to any memberships, or fill out any contact forms, then SSL encryption should be a must in order to safe guard this information.
  • Site verification: – SSL certificates authenticate and verify the owner of a website, preventing that site from any potential phishing attacks, where third-party hackers often impersonate a website in order to obtain personal information.
  • Verification of information: – SSL certificates also provide verification of the information that are listed on websites. This is particularly obvious on news sites such as the BBC or Guardian, and further prevents a users content from being altered by any third-parties.
  • Google has confirmed HTTPS as a ranking signal. This is another compelling reason to use SSL on your website. Google takes sites using SSL more seriously than those who do not and will reward a website with better rank for using the https protocol.
  • HTTPS will bring more traffic, and more business for your website. Depending on the purpose of your website, getting better ranking on the search engines automatically comes with more traffic and that increases the chances of a sale. So spending some extra on getting a valid SSL certificate can be rewarding and not lead to any regrets.
  • Users like to trust in secure websites. Seeing the HTTPS in your website URL give users the confidence that the are safe. It evokes trust and assurance of safety in the mind of users and that encourages them to share the information provided on the website which is also a good side as it promotes and increases the website trust rating.
  • Using HTTPS means that your visitor's information will be secured, as well as yours. HTTPS is a disincentive to hackers and keeps you safe from their nefarious activities.
  • Using HTTP keeps you safe from phishing sites. Dealing with websites that use secure SSL Certificate is one good way towards stopping malware attackers from accessing personal information. Although phishing websites are spread through personal emails and browsers, it is a good way to keep attackers away by using SSL.
  • Google requires SSL for mobile indexing. As you ma already be aware, Google now gives priority to mobile indexing. But in order for a mobile site to be indexable, Google recommends several best practices, one of which is to “start by migrating to a secure site,” especially “if [you] don’t support HTTPS yet.” So, this is another area where SSL is good for your website SEO performance.
  • HTTPS is reuired for Accelerated Mobile Pages (AMP). Google is giving preference to AMP and this is playing a major role in SEO which means that AMP-ready pages will have better rankings. But in order for something to be labeled as AMP, it requires SSL.

 How do you know if your website is secured?

It is necessary to have “https” on green in your website URL. You may also observe a green lock on the beginning of the URL in the address bar. If you don’t have them, you must contact a developer or a web professional to help you with the implementation.

Here at Todhost we are a team of experts in web security, so if you want to obtain and install this kind of SSL certification you must contact us. We ensure you a work of quality and excellence in your site.

Wednesday, February 21, 2018

« Back