Bad news if you haven’t made the switch to full HTTPS. Google is now penalising non-encrypted websites that require any kind of personal information, even if you’re not an eCommerce store requiring a credit card.

If your site is not yet HTTPS, from now on your Chrome-using customers are going to see this horrible little warning in their web browser bar:

In the coming months, Google Chrome will go a step further and show a big red warning which is likely to scare all your potential new customers away. Would you put in your personal details or buy something if you saw this warning? 

This warning is going to affect your bounce rate by scaring away new customers who don’t know and trust you yet, especially if you’re an eCommerce store. 

60% of web users use Google Chrome, so this warning may have a huge impact on any business who hasn’t yet gone over to HTTPS. Microsoft and Mozilla Firefox is also offering a similar warning to their users, so you’re running out of places to hide if you’re still trading from an unsecured HTTP website.

You’re running out of places to hide if your website isn’t fully HTTPS encrypted.

I won’t get into the technical jargon of what HTTPS is, except to say it’s ensures a higher level of data security for your website than HTTP (the S stands for secure), and here’s the most important thing: Google wants you to use it.

What Google wants, Google gets, simply because they’re pretty much the only game in town if you want to succeed online!

If you’re thinking that you’ve fallen behind, don’t feel so bad. Some of Australia’s major retailers haven’t bothered converting to full HTTPS yet either, for example take a look at the Katies example below. It’s not just small businesses that are lagging behind.

Remember, a HTTPS website is the only kind of site which will be marked by Chrome as “secure”. 

Your only choice now is to update your SSL certificate and convert your site to be full HTTPS throughout your entire site.

The sooner you can update your website to HTTPS the sooner you can get rid of that warning and take advantage of the improved rankings and faster page load times that come naturally with having a HTTPS site.

How to make your website full HTTPS

1. Get a new SSL Certificate

Obtain a 2048-bit encrypted SSL certificate. For most people, a multiple domain certificate will work fine. If you’re a growing business, I generally recommend the GeoTrust True BusinessID with EV SSL so you not only have the secure padlock, but your whole browser bar is green – it’s a big visual signal of trust and security. Of course, if in doubt, ask your SSL issuer/local geek for more info.

Just a little note, when not freelancing as a content writer, I work for Melbourne IT s an eBusiness Consultant. We sell SSL certificates for less than the supplier direct price if you went direct. I have no idea how we manage to keep the price so low, but we do. If you don’t believe me, check it out for yourself!

P.S. If you ask to speak to Melissa in the Melbourne sales office (phone 1300 793 248) and mention this post on Contentguru.com.au I’ll do you an even better deal 🙂

2. Remove HTTP References from your site

Check anything embedded on your pages, all the links have to be HTTPS. If you use a lot of YouTube videos on your site, you’ll have to go back to YouTube, and get a fresh link. Also, if you use a CDN, you need to make sure that your CDN supports HTTPS. This is a tedious but critical step to getting it right.

3. Redirect your HTTP site to HTTPS

Once all the above is sorted, you will have to update the configuration of your website, so all of the HTTP pages redirect to the equivalent HTTPS pages. Most CMS systems like WordPress, Magento and Joomla have an area in the admin panel where you can set this quite easily. You could also do a global htaccess redirect to https – but you’ll likely need your developer’s help with that – and there can be some issues with that method, so let your content management system handle it.

4. Setup Google Search Console

You will then need to add the HTTPS version to your Google Search Console and verify your ownership of it (because Google sees the HTTP and HTTPS versions of your domain name as different entities – go figure).  Then you will need to update the sitemap location for the HTTPS version. Don’t delete your old HTTP sitemap from your website – Google wants you to re-submit it into your old search console so it can see the 301 redirects.

5. Update your Google Analytics

Update your web property’s configuration in Google Analytics. You want to make sure you are still recording all your important data on the correct web address. 

6. Run a crawler to check all is OK

Once all your redirections and sitemaps are in place, you’ll need to check the conversion worked. You can use something like Screaming Frog to do a protocol check to make sure the only HTTP references are ones that are external links and not actually part of your site. This will avoid any internal pages giving your readers non-secure warnings.

And voila!

Once you’ve made the move you’ll get that trusty green browser bar (assuming you bought the extended validation (EV) SSL – which is what I recommend if you can afford it). It will look something like this:

Google has spoken: HTTPS isn’t just the future, it is the now. So ditch your HTTP. 

You should switch over to HTTPS as soon as possible. You’re pretty much being held over a barrel until you do. The upside is, not only does it make your website and your users’ sensitive information safer, it also allows your website to load faster and Google will favour your website over your competitors who haven’t switched over – and that’s all gotta be good for business!