Post by PickyChicky on Sept 6, 2017 11:53:55 GMT -6
Lately, I've been seeing more and more reports from people, mostly those who sell online, about a highly visible security warning they're getting when visiting a site saying that the site is not secure. Naturally, it has shop/website owners concerned that these warnings will scare off their customers. So I've been doing my research and came across Google's blog article on the subject. The following summarizes key information found there:
For some time now, Google has been pushing to make the web more secure, which is a good thing, but does have the potential of killing sites that don't comply. It's been a gradual process that many website owners weren't even aware of, but now is the time that Google is cracking down on sites lacking security.
Google has already begun requiring sites to be secure (starting with HTTPS) on their Chrome browser in order for them to be given favorable attention in search results. Furthermore, if you have a Blogger blog (another Google product), you can no longer post widgets that come from sites that are not secure.
Favoring secure sites in search results on Chrome will effectively reduce the search ranking of sites that are not secure each time their link(s) meet the search criteria. What's worse is that reduced ranking will stick no matter which browser a user is searching with. So, for sites that get a lot of traffic from Chrome users, this would quickly cause a significant decrease in traffic and eventually reduce it to nil.
So, yes, many browsers are now noticing a lot of sites that come with a very visible warning that it's not secure. Ever since I started seeing these reports from others, I've been noticing that many sites I visit do have secure pages -- even those pages that do not request personal info (ie, login page, checkout page, contact pages with forms, etc.).
Unfortunately, on marketplace sites that don't secure every page, it would seem that this warning pops up when a user is not logged into their account. That alone could cause users to not want to log in at all, thinking the site has somehow been compromised. That's something the site's sellers have no control over. It's entirely up to the marketplace owner to ensure they're not scaring off traffic.
Furthermore, there are those small business owners who can't afford pricey SSL certificates for their own websites. So, they are certainly going to be negatively impacted as it will hurt their SEO. Not only will they have to worry about losing their search ranking in Chrome, but their visitors will see that very visible warning that the site is not secure. Naturally, they'll think the site has somehow been compromised and will immediately click out. This will, in turn, cause their site's bounce rates to increase exponentially and the site's search ranking will plummet.
This is only supposed to affect pages that require the entry of personal info (login pages, checkout pages, contact pages with forms, etc.), but it's unclear if Google plans to apply this to ALL pages. Their blog article link to above explains everything else more in depth, but near the end they say:
If they do start doing this on all pages, it will surely kill sites that don't acquire an SSL certificate for the whole site. So, I'm going to see if I can get a clear answer regarding that very important detail and will let you know what I find out.
For some time now, Google has been pushing to make the web more secure, which is a good thing, but does have the potential of killing sites that don't comply. It's been a gradual process that many website owners weren't even aware of, but now is the time that Google is cracking down on sites lacking security.
Google has already begun requiring sites to be secure (starting with HTTPS) on their Chrome browser in order for them to be given favorable attention in search results. Furthermore, if you have a Blogger blog (another Google product), you can no longer post widgets that come from sites that are not secure.
Favoring secure sites in search results on Chrome will effectively reduce the search ranking of sites that are not secure each time their link(s) meet the search criteria. What's worse is that reduced ranking will stick no matter which browser a user is searching with. So, for sites that get a lot of traffic from Chrome users, this would quickly cause a significant decrease in traffic and eventually reduce it to nil.
So, yes, many browsers are now noticing a lot of sites that come with a very visible warning that it's not secure. Ever since I started seeing these reports from others, I've been noticing that many sites I visit do have secure pages -- even those pages that do not request personal info (ie, login page, checkout page, contact pages with forms, etc.).
Unfortunately, on marketplace sites that don't secure every page, it would seem that this warning pops up when a user is not logged into their account. That alone could cause users to not want to log in at all, thinking the site has somehow been compromised. That's something the site's sellers have no control over. It's entirely up to the marketplace owner to ensure they're not scaring off traffic.
Furthermore, there are those small business owners who can't afford pricey SSL certificates for their own websites. So, they are certainly going to be negatively impacted as it will hurt their SEO. Not only will they have to worry about losing their search ranking in Chrome, but their visitors will see that very visible warning that the site is not secure. Naturally, they'll think the site has somehow been compromised and will immediately click out. This will, in turn, cause their site's bounce rates to increase exponentially and the site's search ranking will plummet.
This is only supposed to affect pages that require the entry of personal info (login pages, checkout pages, contact pages with forms, etc.), but it's unclear if Google plans to apply this to ALL pages. Their blog article link to above explains everything else more in depth, but near the end they say:
"Eventually, we plan to label all HTTP pages as non-secure, and change the HTTP security indicator to the red triangle that we use for broken HTTPS."
If they do start doing this on all pages, it will surely kill sites that don't acquire an SSL certificate for the whole site. So, I'm going to see if I can get a clear answer regarding that very important detail and will let you know what I find out.