20+ days till Google start penalizing websites without HTTPS


Tag Archives: SSL

20+ days till Google start penalizing websites without HTTPS

So, just yet another thing for a final countdown.

First, it was infamous GDPR (btw, does anyone hears ‘bout it after the 25th May, or is just us who hear the community silence?)

Now, Google takes its turn. And, as we all hear, the web is officially going full HTTPS only, and yes, it has been going there for many years. We’ve seen an acceleration in the progress in recent months but we still have a long way to go on our journey of securing all traffic on the internet. Despite the great progress we’re making, and all the valid reasons we should continue to do so, there are people who believe having a secure web is not the right thing to do.

Less than one month from today, on July 23, out beloved Google will start prominently labeling any site loaded in Chrome without HTTPS as “Not Secure”.

Google has announced its plans back in February, and back then, the percent of sites loaded over HTTPS clocked in at 69.7%. Just one year prior to that only 52.5% of sites were loaded using SSL/TLS—the encryption protocol behind HTTPS — tremendous progress has been made!

Unfortunately, quite a few popular sites on the web still don’t support HTTPS (or fail to redirect insecure requests) and will soon be flagged by Google.

HTTPS is the new black

Just go and scan Alexa Top 1 Million, the million largest sites on the wild wide web, and measure many different metrics about their security. The growth of HTTPS is not only being maintained but it’s actually accelerating.

No matter which way you look at the data, and no matter which way you measure it, usage of HTTPS is going through a huge growth phase right now. In the 6 months up to that report, we saw a 32% growth in the use of HTTPS in the top 1 million sites.

Mozilla tracks anonymous telemetry from Firefox browser and they have seen a staggering growth in the rate of pages being loaded over HTTPS.

The data shows that 75% of page loads in Firefox now take place using HTTPS instead of HTTP. 

Last but certainly not the least, the biggest browser of them all also reports the exact same thing. Chrome telemetry puts the figures pretty much right on 75% too.

This trend has been showing for a long time. In fact, there isn’t any data I can find that shows there was ever a decrease in the amount of HTTPS on the web. It has always been increasing since as far back as data goes so this is nothing new, we’re just making much better progress in recent years.

Cloudflare people spent some time scanning the top one million sites too, and here’s what they learned about the 946,039 reachable over plaintext (unencrypted) HTTP.

If you were to ask the operators of these sites why they don’t protect themselves and their visitors with HTTPS, the responses you’d get could be bucketed into the following three groups: “I don’t need it”, “it’s difficult to do”, or “It’s slow”.

And guess what? None of these are legitimate answers, but yes — they’re common misconceptions so let’s take each in turn.

Myth #1: “HTTPS is difficult to deploy”

This was true.. in the mid-1990s. But hey, today, in2018, we can all honestly say that things have changed for the better.

Thankfully, we’ve come a long way since then. Today, you can protect your site with HTTPS in a matter of seconds, for free, either by signing up for Cloudflare or using a CA such as Let’s Encrypt.

We at AltusHost provide FREE SSL with *all* our web hosting packages because we care about our collective online privacy and security.

Myth #2: “I don’t need HTTPS”

This argument is the most puzzling, especially when spouted by people who should know better. Even if you don’t care about performance (see myth #3), surely you care about the safety and privacy of those visiting your site.

Without HTTPS, anyone in the path between your visitor’s browser and your site or API can snoop on (or modify) your content without your consent. This includes governments, employers, and even especially internet service providers.

If you care about your users receiving your content unmodified and being safe from maliciously injected advertisements or malware, you care about — and must use — HTTPS.

Besides safety, there are additional benefits such as SEO and access to new web features: increasingly, the major browser vendors such as Apple, Google, Mozilla, and Microsoft, are restricting functionality to only work over HTTPS. As for mobile apps, Google will soon block unencrypted connections by default, in their upcoming version of Android. Apple also announced (and will soon hopefully follow through on their requirement) that apps must use HTTPS.

Myth #3: “HTTPS is slow”

Lastly, the other common myth about HTTPS is that it’s “slow”. This belief is a holdover from an era when SSL/TLS could actually have a negative performance impact on a site, but that’s no longer the case today. In fact, HTTPS is required to enable and enjoy the performance benefits of HTTP/2.

Detractors typically think HTTPS is slow for two primary reasons:

1) It takes marginally more CPU power to encrypt and decrypt data; and

2) establishing a TLS session takes two network round trips between the browser and the server.

When HTTPS content is served from the edge, typically 10-20 milliseconds away from your users in the case of Cloudflare, SSL/TLS enabled sites are incredibly fast and performant. And even when they are not served from an edge provider it bears repeating that SSL/TLS is not a performance burden! There’s really no excuse not to use it.

Pro tip: Advanced users should also consider using HSTS to instruct the browser to always load your content over HTTPS, saving it a round trip (and page load time) on subsequent requests.

If you’re trying to protect your and your customers’ online privacy and security, reach out and we can help you with this process.

9 Reasons Why SSL Will Save Your Business Day

You’ve probably noticed a little green padlock right next to “Secure” sign and URL of your e-banking, online shop, PayPal or similar websites which require your personal data. That little green thingy called SSL is your ticket to secure surfing, encrypted data aka safe communication, and represents a sort of a “reliable website/company” badge.

A bit of nerd talk to set up some ground info: SSL stands for “secure sockets layer” and is a form of security for sites that handle sensitive data such as client names, phone numbers, addresses and credit card information.

SSL is fundamental for any site that sells goods or services as it guarantees that all information handled remains private and secure. It creates a secure connection between a customer’s web browser and the server of the company they’re associated with.

One of the most recognizable ways (other than a padlock) for customers to see whether a site has encryption in place, is seeing of the https protocol instead of regular http.

Shoppers today are educated in a manner to look for these things before making any online purchases.

What is more, statistics prove that by not having SSL, impact on the business will be tremendous. According to Gartner, 70 percent of people shopping online has canceled an order because they did not trust the website. Yet, 64 percent of those shoppers claimed that they would have finished the purchase if a website had an SSL certificate in place.

So, let us tell you a few things about advantages and benefits of SSL for your business.

1. Encrypts data

Transferring the message to the end user, or intended party without further noise and interference is the job done by encrypting information which is indeed is the major job for SSL. Data submitted on web forms often passes through more than one computer before reaching its final destination, and the more “stops” it has to make, the higher the chance that a third party could get to it.

In case that the information ends up in the wrong hand after characters are being inserted, information becomes unusable. Only the proper encryption key is able to translate the meaning of information.

2. Provides Authentication

When acquiring SSL certificate there is another type of protection and validation given, it is called a server certificate. This certificate is considered to be a mediator between browsers and SSL servers. This ensures that information is transferred to the correct server without being intercepted. Documents given are at customers disposal and anyone can view it and validate if the SSL certificate of the site is up to date to ensure that the information that they are willing to place on the page is original and safe not fraud.

3. Fundamental component of payment processingWithout further ado, there are some policies that need to comply. Namely, Payment Card Industry compliance indicate that e-commerce needs to have an SSL certificate with the appropriate encryption of at slightest 128-bit. What is more, SSL needs to come from a trusted source, to have the appropriate strength of encryption together with private connection for every page that is having paying process. Without those standards in place, a site won’t be able to take credit card payments.

4. Guards Against Phishing

SSL certificates are not easily obtained. Fraud sites or fake sites that have an aim to steal credit card information through advertisements or phishing emails or malicious user will have a difficult time getting a true SSL certificate. At this point, customers are informed just enough to go away from sites that are not SSL protected without entering any information.

5. Offers Added Brand Power

We’ve said that ‘https’ is one of the visible forms that site obtains alongside with icon. However, companies also display images and site seals to show well-trusted encryption is in use. By showing these symbols it further gives clients level of security that information provided will end to where it has been intended.

6. Business Future Proofing

A step forward in proofing validity and the security level is EV SSL. This security measure meets bigger risks that come with e-commerce today. Not many companies have this today, yet it is a really important step into future proofing.

7. Improves Customer Trust

All of the named elements are joined together to form trust bond between a customer and a business. E-shoppers seek reassurance that their sensitive personal information is secure as it ‘travels’ through cyberspace, by providing SSL is the best way to make them comfortable.

8. SSL certificate improves SEO

One of big elements for your site to climb as Google’s Search top result will happen extensively with the help of search engine optimization (SEO). Much is needed to contribute to this results, quality content, adequate keywords, Google AdWords and UX website with great design.

Hence, to maintain well on Google and perhaps upgrade it is very advisable to add an SSL  to your site. From Google’s angle, SSL shows that site is “trusted and certified” and it will further reward it.

9. Descriptional clarificationAlthough direct benefits in correlation to having  SSL have been explained, we’d like to describe you operational part of SSL by correlating it to the real-life scenario.

When a customer enters a secure website they seek authentication and identification from the web server, which is presented through its SSL certificate. It is very much similar to what we have in real life, and that is identification card ‘personal ID’. The website cannot simply say I am “May’s” company it needs a trusted certificate provider to prove their identity. Back-and-forth communication is needed for identification process to take place by which customers do not get fooled.  

Keeping in mind what we’ve just listed above, SSL is most certainly the very least of guaranteeing the security of information exchange and communications over client and server. No site or application ought to be without it, and all people are advised to keep their information on secure sites only.

Search entire Blog

Subscribe Now

10,000 successful online businessmen like to have our content directly delivered to their inbox. Subscribe to our newsletter!

Tags