Perhaps I’m showing my age, but I remember when Internet Explorer’s broken image icon looked like this:
The pixelated red X was a common sight in the pioneering days of the ‘modern’ web. Fast forward to 2016, and it looks set to make a comeback – but with far greater repercussions.
Some webpages are more secure than others
Have you noticed how URLs always start with “http”? This stands for “HyperText Transfer Protocol”, one of the foundation technologies of the web. In essence, it’s a set of rules which let browsers and web servers communicate. HTTP arrived in the early ’90s, and – like its contemporary Eldorado – it wasn’t without fault. Communication via HTTP is not encrypted, making it vulnerable to hacking and spoofing attacks.
Enter HTTPS. That extra letter denotes security, as using this protocol encrypts your communications. Once the reserve of banking and payment sites, HTTPS is now found all over the shop – literally! Many ecommerce sites and trusted brands encrypt your whole journey through their websites. (Given it’s a confirmed ranking signal on Google, I fear this isn’t solely altruistic.)
HTTPS: once inessential, then recommended – now essential
At present, browsers reward secure webpages with a green padlock symbol. It’s a way of saying “this page has made the effort to deliver enhanced security, for your benefit”. Pages which are not secure have a much plainer symbol. In Chrome, it’s a page with a folded corner. However, this may be about to change.
In a now-deleted tweet, Google security engineer Chris Palmer shared a screenshot of a new feature in the Chrome browser. Pages served over plain HTTP could soon be demarcated with a red X to highlight that they might not be safe. If it happens on your website, you have to ‘opt out’ – by taking the time (and spending the money) to move to HTTPS.
Google aren’t alone in discouraging interaction with insecure content. The developer release of Mozilla Firefox warns users before they transmit a password via HTTP. This feature will no doubt reach stable, vanilla releases of Firefox soon.
What do SEOs think? And what does it mean for you?
I have mixed feelings about this decision. Google is using its influence to push adoption of a way to protect web users, which is a good thing. Plus, HTTPS enables other acronym-laden technologies like HSTS and HTTP/2. We will be explaining what these do in future blog posts, but suffice to say they are good news for your website.
The downside is that it will leave website users confused. As mentioned, I associate the red X with broken images. Less tech savvy users might reasonably wonder, “Is this website broken? Is my browser broken? Is my internet connection down?”
If you don’t want your users perplexed, you will soon have to move to HTTPS. But even that is a sea of questions! “How do I move? What will it cost? Where do I even begin?!” Migrating your site can be precarious, with minor mistakes causing catastrophic consequences.
But, Google hinted at their desire for a 100% secure web back in 2014. We’ve had plenty of warning. Now, it’s time to take action.
Free guide to moving your website to HTTPS
Suddenly suffering an HTTPS headache? Don’t panic!
RocketMill has prepared the marketer’s guide to moving a non-secure website to secure HTTPS.
We have strived to make our guide comprehensive, yet digestible. Jargon-free, but with the information you need to know. Easy to follow, and easy on the eye. We’ve complemented key steps with graphics and animations – not just telling you what to do, but showing you as well. To give you a flavour of the guide, here are its first two steps:
1. Understand what security certificates are
To serve secure pages, your site needs to hold a security certificate. This is a file which enables encrypted communication between a browser and your website. Think of it as a digital passport which verifies your site’s identity. You may see the terms SSL or TLS, which are technologies used to power HTTPS encryption.
2. Find a certificate authority
Just as you can only get a passport from the Passport Office, you can only get a security certificate from a certificate authority. Your web host may have registered to be a certificate authority. Or, your developers or SEO agency may be happy to recommend one. Either way, ensure they are a reliable, trustworthy company and offer technical support.
If you’d like to view the full HTTPS migration guide, use the button below. If you have any questions, or thoughts, just message the team @RocketMill.