20+ days till Google start penalizing websites without HTTPS

20+ days till Google start penalizing websites without HTTPS

So, just yet another thing for a final countdown.

First, it was infamous GDPR (btw, does anyone hears ‘bout it after the 25th May, or is just us who hear the community silence?)

Now, Google takes its turn. And, as we all hear, the web is officially going full HTTPS only, and yes, it has been going there for many years. We’ve seen an acceleration in the progress in recent months but we still have a long way to go on our journey of securing all traffic on the internet. Despite the great progress we’re making, and all the valid reasons we should continue to do so, there are people who believe having a secure web is not the right thing to do.

Less than one month from today, on July 23, out beloved Google will start prominently labeling any site loaded in Chrome without HTTPS as “Not Secure”.

Google has announced its plans back in February, and back then, the percent of sites loaded over HTTPS clocked in at 69.7%. Just one year prior to that only 52.5% of sites were loaded using SSL/TLS—the encryption protocol behind HTTPS — tremendous progress has been made!

Unfortunately, quite a few popular sites on the web still don’t support HTTPS (or fail to redirect insecure requests) and will soon be flagged by Google.

HTTPS is the new black

Just go and scan Alexa Top 1 Million, the million largest sites on the wild wide web, and measure many different metrics about their security. The growth of HTTPS is not only being maintained but it’s actually accelerating.

No matter which way you look at the data, and no matter which way you measure it, usage of HTTPS is going through a huge growth phase right now. In the 6 months up to that report, we saw a 32% growth in the use of HTTPS in the top 1 million sites.

Mozilla tracks anonymous telemetry from Firefox browser and they have seen a staggering growth in the rate of pages being loaded over HTTPS.

The data shows that 75% of page loads in Firefox now take place using HTTPS instead of HTTP. 

Last but certainly not the least, the biggest browser of them all also reports the exact same thing. Chrome telemetry puts the figures pretty much right on 75% too.

This trend has been showing for a long time. In fact, there isn’t any data I can find that shows there was ever a decrease in the amount of HTTPS on the web. It has always been increasing since as far back as data goes so this is nothing new, we’re just making much better progress in recent years.

Cloudflare people spent some time scanning the top one million sites too, and here’s what they learned about the 946,039 reachable over plaintext (unencrypted) HTTP.

If you were to ask the operators of these sites why they don’t protect themselves and their visitors with HTTPS, the responses you’d get could be bucketed into the following three groups: “I don’t need it”, “it’s difficult to do”, or “It’s slow”.

And guess what? None of these are legitimate answers, but yes — they’re common misconceptions so let’s take each in turn.

Myth #1: “HTTPS is difficult to deploy”

This was true.. in the mid-1990s. But hey, today, in2018, we can all honestly say that things have changed for the better.

Thankfully, we’ve come a long way since then. Today, you can protect your site with HTTPS in a matter of seconds, for free, either by signing up for Cloudflare or using a CA such as Let’s Encrypt.

We at AltusHost provide FREE SSL with *all* our web hosting packages because we care about our collective online privacy and security.

Myth #2: “I don’t need HTTPS”

This argument is the most puzzling, especially when spouted by people who should know better. Even if you don’t care about performance (see myth #3), surely you care about the safety and privacy of those visiting your site.

Without HTTPS, anyone in the path between your visitor’s browser and your site or API can snoop on (or modify) your content without your consent. This includes governments, employers, and even especially internet service providers.

If you care about your users receiving your content unmodified and being safe from maliciously injected advertisements or malware, you care about — and must use — HTTPS.

Besides safety, there are additional benefits such as SEO and access to new web features: increasingly, the major browser vendors such as Apple, Google, Mozilla, and Microsoft, are restricting functionality to only work over HTTPS. As for mobile apps, Google will soon block unencrypted connections by default, in their upcoming version of Android. Apple also announced (and will soon hopefully follow through on their requirement) that apps must use HTTPS.

Myth #3: “HTTPS is slow”

Lastly, the other common myth about HTTPS is that it’s “slow”. This belief is a holdover from an era when SSL/TLS could actually have a negative performance impact on a site, but that’s no longer the case today. In fact, HTTPS is required to enable and enjoy the performance benefits of HTTP/2.

Detractors typically think HTTPS is slow for two primary reasons:

1) It takes marginally more CPU power to encrypt and decrypt data; and

2) establishing a TLS session takes two network round trips between the browser and the server.

When HTTPS content is served from the edge, typically 10-20 milliseconds away from your users in the case of Cloudflare, SSL/TLS enabled sites are incredibly fast and performant. And even when they are not served from an edge provider it bears repeating that SSL/TLS is not a performance burden! There’s really no excuse not to use it.

Pro tip: Advanced users should also consider using HSTS to instruct the browser to always load your content over HTTPS, saving it a round trip (and page load time) on subsequent requests.

If you’re trying to protect your and your customers’ online privacy and security, reach out and we can help you with this process.

VPS vs Private Cloud: What’s the Difference

Virtual Private Server

This is something which is, for most of you, pretty known info: VPS is Virtual Private Server.

In a few words, VPS is a virtual machine sold by the internet hosting service. An own copy of operating system is run by VPS. Along with that, the customers may have superuser-level access to the operating system.

A virtual private server acts as an independent dedicated server through the server may contain other virtual environments and it also runs its own operating system copy. Along with that, the users have administrative rights to their VPS and they can also install their own instances of various applications such as MySQL, Apache, and PHP. 

A private cloud

Well, you can say that It is a particular model of cloud computing. It involves a distinct and secure cloud-based environment in which only the specified client can operate.

As compared to other cloud models, private clouds using an underlying pool of physical computing resource will provide computing power as a service within a virtualized environment. However, under the private cloud model, the cloud is only accessible by a single organization, therefore the organization has greater control and privacy.

Differences between VPS and a Private Cloud:

1.  A virtual private server is a single physical server, but it is split up between a limited number of users while a private cloud uses distributed resources across multiple physical servers.

2. Another difference between VPS and a Private Cloud is the location of the hardware. A virtual private server is generally hosted at an off-site, third-party web hosting provider. A private cloud is situated on-site or at a data center.

3. A VPS requires you to upgrade your service manually, send in a support ticket to the provider, or call to get tech support to provide you with the resource needed, therefore a private cloud more convenient in this regard. As the cloud control panels are built with quick provisioning and deployment in mind.

4. Another major difference is that a private cloud is rather expensive in terms of hardware, because, with it, you’ll be bearing with a lot the cost of the hardware, installation, setup, and maintenance. On the other hand, a virtual private server is less expensive and even cheaper than dedicated server hosting. Therefore in terms of cost, the VPS wins out every time.

5. In VPS no file or data access occurs between VPS clients on the shared server. They are kept separate while in a private cloud if a physical server fails, cloud servers are migrated to another physical server without experiencing an outage.

6. Virtual Private Servers are not scalable. Storage is based on physical server limitations. Once you meet your max VPS capacity, you have to either buy more space or look into other options. This could take many hours or days of downtime to migrate to a new solution. On the other hand, Private Cloud Servers are scalable. This means that they add more server power in a moment’s notice.

About the Author: Barbara Morgan has been writing how-tos, tech articles and more for almost two decades her main focus is UNIX, but she also covers a lot from open source software projects. She often writes posts for hostiserver.com 

Search entire Blog

Subscribe Now

10,000 successful online businessmen like to have our content directly delivered to their inbox. Subscribe to our newsletter!