Google had made an announcement in September last year that they will soon start to mark ‘Not Secure’ (HTTPS not secure warning) in the browser URL bar to any pages that weren’t secure and asking for passwords or credit card details, well…

…its happening!

HTTPS Non secure warning from Google Search Console

A number of my connections on LinkedIN and Facebook have emailed and asked me about this notification they received on their Google Webmaster Tools (Search Console) account.   See example below…

https non secure collection of data warning

 

Why should you take note about the HTTPS not secure warning on Google Chrome?

There are two main reasons why you ultimately should do it and no time is better than the present, because its rolling out and Australian’s will soon start to feel the effects.

SEO or Search Engine Optimisation / Rankings

Back in 2014 Google had announced HTTPS as a ranking signal.  Google has always been about improving their customer’s (user’s) browsing experience.  With so many users browsing to sites that aren’t secure when collecting credit card details or logging in, Google wanted to help push for a better internet experience.

Recently the push has become more apparent and nicely leads into point 2…

User Experience and confidence

As consultants we are always looking at improving the user experience, getting more conversions for our clients.  Well how would a user feel on a payment screen when the browser is yelling out “THIS SITE IS NOT SECURE“.  Or as more users are getting savvy and conscious about suspicious behaviour, even entering in their passwords on a non-secure site is going to make them ask questions.  If they ask too many questions, they will just bounce off your page and leave.

Conversion…aborted!  LOST.

Now if we could avoid this, then why wouldn’t we?  Our user’s will love us and so will our conversion stats.

So lets get into it…

 

The Non Secure warning in Chrome and how to avoid it

To ensure safe browsing, Chrome displays connection security with an icon in the URL bar. Chrome has recently started to mark non-secure pages that collect passwords or credit cards as Not Secure in the URL bar. To avoid the non secure warning label, you will need to secure your traffic with HTTPS and follow security guidelines.

To test the user experience you can install the Google Chrome Canary build (https://www.google.com.au/chrome/browser/canary.html).

IMPORTANT NOTE:  Make sure you know what you are doing here so you don’t use Canary just yet as it’s still in BETA and the site says clearly it crashes a lot.

non secure https bad ssl warning

Image courtesy of support.google.com

Chrome ‘Not Secure’ warning appearing in the URL bar for a site with an HTTP connection

To check the security of the site, follow the steps below:

  1. Open your page in Chrome on your computer
  2. Look at the security status to the left of the web address

A secure site will display the word Secure with a padlock next to it .

If the words Info, Not Secure or Dangerous appear, then you know the site is not secure (see below)

https non secure and secure warnings

3. You can click on the icon to see the website’s details and permissions.

To make sure the Not Secure warning is not displayed on your page, make sure all forms containing <input type=password> elements and any inputs detected as credit card fields are present only on secure origins. This means that the top-level page must be HTTPS and, if the input is in an iframe, that iframe must also be served over HTTPS. If your site overlays an HTTPS login frame over HTTP pages as displayed in the image below:

https non secure warning on popups and modals

Image courtesy of support.google.com

You should change the site to use HTTPS for the entire site. Alternatively you can redirect the browser window to an HTTPS page containing the login form as displayed below:

https non secure warning on popups redirect

Image courtesy of support.google.com

Ultimately, you should plan to migrate your entire site to use HTTPS to ensure that there are no HTTPS not secure warning on any of your pages.

IMPORTANT NOTE:  You do need to look at how your site is currently setup in reference to your links, does it have any absolute URL’s or a combination of relative and absolute URL’s?  This is where it can get tricky so you will need to ask your web developer for some help.  Please don’t take this part likely…it will break the links in your site.

The detailed guide to migrating from http:// to https://

I tried not to go into too much detail in my blog to simply inform, but if you wanted to know more or to work closely with your web dev on this, please refer to the following blogs. They go in depth and are very technical about the implications and the how-to.

Search Engine Land: http://searchengineland.com/http-https-seos-guide-securing-website-246940

Fili Wiese: https://online.marketing/guide/https/

If you have any questions about ensuring the security of your website, please give Rodney a call on 1300 131 932 or contact us.