Jason Parms

Pay attention, webmasters! If you’ve been taking an SSL certificate for granted until now and your websites are running without one, you’re up for some serious trouble. Google wants you to get an SSL certificate within six months, or else you may start seeing a significant drop in your traffic from October.

Google is expanding its efforts to push notification in search console (formerly webmasters) for enabling encryption on their websites, and in order to do so, it has planned a series of steps to be taken. Riding on the popularity of its Chrome browser Google is going to give some serious trouble to all those webmasters who don’t secure the connections to their website with SSL certificates by October.

Google’s Plan to Expand SSL Installation Base

Google has come out with a multi-step plan to expand the installation base of SSL certificates among websites. It has already taken the first step in that direction, and now it’s going to take the second one in October. The steps are:

  1. The first step was to start using ‘Not Secure’ address bar label on all those sites that collect passwords or credit card data. This has already been done in January with the rollout of Chrome 56. For others, there’s an exclamation mark inside a circle as of now, which upon clicking tells the user that their connection with the site is unsecured and information they submit to the site can be interrupted by unknown parties. In Chrome 62, the ‘not secure’ label will show up consistently even if user is browsing through an incognito window.

    not secure warning incognito http

  2. The next step in line is to start showing that prominent ‘not secure’ label on all websites that are running without SSL certificates – not just those that collect passwords or credit card data. This will happen in October with the rollout of Chrome 62, Chrome users will type anything (not just a password or payment information) in any form field or search box on an HTTP site they’ll see the warning label.

    http search chrome 62

This second step is much more significant because most web sites include at least a search bar that their visitors use to find things. And according to Google the first step alone (the one that it took in January) has led to a 23% decline in traffic of unsecured web pages – now think what can be the effect of this step!

What’s more important is that Google isn’t going to stop there – in its official blog post announcing the move, it has said that eventually, it’ll start showing the label consistently for all HTTP websites even outside of incognito mode. And reports also suggest that eventually, it may replace the symbol of that warning label with an exclamation mark inside the circle to an exclamation mark inside a red triangle, which will certainly look more horrible to users and thus draw their attention more quickly than the current symbol.

Firefox Also on the Same Track

What makes this whole development more important is the fact that it’s not just Google pushing webmasters for SSL certificates. In January Mozilla Firefox also started showing in-context warnings for unsecured payment and login pages.

The warnings show up in small pop-ups right below the password/payment information form fields. While that’s not as serious as flagging the whole site as not secure, there’s no guarantee that Firefox will not follow the steps of Google. And if that happens, unsecured websites can lose a major chunk of their traffic as Chrome and Firefox have a market share of 53% and 6%, respectively. In fact, if you look at these figures, it should not be difficult to get that Chrome alone implementing its warnings can wipe out a significant chunk of traffic from unsecured websites.

The Professional Approach to Security

So, in a nutshell, if you’re not on HTTPS, you’re up for some serious trouble. There’s a time of six months for you to install an SSL certificate on your web server and avoid the disaster that next major Chrome update may bring. And not just for the sake of Google pushing you to do so – you should also think from the perspective of your users. They’re sharing their information with you, so it’s your responsibility to ensure the security of that information.

In order to help you install an SSL certificate Google has also put up a set-up guide describing all the steps involved in its procedure. Plus, it’s also much easier and more affordable to set up SSL certificates nowadays than it was a few years ago. There’re many types of certificates available from many different companies so you can flexibly choose the one according to your needs. All major websites have already moved to the standard. All these things don’t really leave a reason to avoid or delay the installation of an SSL certificate. Therefore, you should get digital certificate for your online applications.