In less than four months Google will mark all HTTP pages as insecure in Chrome. If you or someone you know is running a website that has not yet deployed HTTPS, the time to upgrade is now. I urge you to share this article with anyone you know that has not implemented HTTPS on their website.
As many people may be aware by now, Google has been pushing hard in recent years to increase the security of the Internet. Although this is genuinely a good idea that benefits everyone, this stance has proven to be a headache for anyone that did not have any plans to deploy HTTPS on their websites. In this article, I will give a brief history of SSL, what it is, why it's needed, and the short and long-term consequences of ignoring Google's demands.
What is SSL?
In short, SSL (Secure Sockets Layer) is a technology that is used to encrypt the communication between your computer and the website you are visiting. In the early days of the Internet, SSL was prohibitively expensive and slowed the performance of a website. Even worse, the server setup was quite complicated. Only large online stores would spend the time and money to encrypt communication with their site. A typical SSL Certificate in 1997 when I started my last business was $1,700, and you needed a pretty big server to handle the encryption. With today's technology, this has all changed. The HTTPS protocol is far more efficient, servers are hundreds of times faster, and you can get a free certificate from many hosting providers, which they can install for you in seconds.
Google has always been at the forefront of helping to make the Internet more secure and was one of the original sponsors of the Let's Encrypt project, which provides free SSL certificates for anyone that wants one. Google and other companies have gone to great lengths to remove as many barriers as possible for people wanting to setup HTTPS for their site. With all these changes you would think everyone would flock to install free SSL certificates on their websites, right? Well, not exactly. Many hosting providers do not want to give up this revenue stream and still charge for SSL certificates even though they have access to free certificates from multiple sources. Some hosting companies even charge for Let's Encrypt free certificates, which blatantly violates the terms of service for these certificates.
Last year, Google started using Chrome's dominant market share of 60% to wield their intentions of securing the Internet in a far more forceful manner. In October of 2017 Google updated Chrome to issue a "Not Secure" warning to its users when entering form data on any website that was not using HTTPS. (See image below.) Google has also stated before that the lack of HTTPS would degrade the SERP (Search Engine Result Page) rankings of a website. Google has made it clear in recent years, their search algorithm takes the "quality" of the content on a website into much higher consideration than keywords or other factors. They have also made it clear the security and speed of a website is a metric in that quality analysis. They also announced that at some point in the future they would mark all HTTP pages as "Not Secure."
February 8th, this warning became a reality, as Google announced that beginning in July of 2018 all Chrome users will be issued a "Not Secure" warning when visiting any website that does not support HTTPS. (See image below.) Is the Internet ready for this yet? Probably not. Some hosting companies are still up to their antics of charging for SSL certificates, and people still don't know why they need it. However, there is no indication Google is going to slow down its roadmap to a more secure Internet.
So, why is HTTPS so important?
The first concern is privacy. With all the browser tracking cookies, social integration, and the sheer amount of private information about us on the Internet these days, a tremendous amount of this data is "leaked" from your browser over the Internet when you're on an insecure site. A more significant concern has nothing to do with encryption at all. Today's Internet is full of scams, email phishing and fake look-alike sites that install malware or even bitcoin mining software on your computer. Today it is more important than ever to know that the site you are communicating with is, in fact, the site you think it is. HTTPS helps to solve this with domain validation. SSL certificates only work for the domain name they are assigned making it much more difficult for scammers to fake sites.
Google has made it very clear they are on a crusade to secure the Internet, and not getting onboard will have significant long-term consequences for your website. (See image above.) It's even possible Google will de-rank all insecure sites below any secure sites which could be devastating to a small business. Many hosting providers issue SSL certificates at no extra cost to their customers, including Christian Host. The time to act is now.