What do Google Chrome’s new SSL requirements mean for your website?

What do Google Chrome’s new SSL requirements mean for your website?

Do you know your HTTP from your HTTPS? With data protection and cybersecurity firmly in the spotlight, a big change to Google Chrome means there’s now another step you need to take to ensure people continue to use your website with confidence.


What’s changing?

We’re used to website addresses starting with HTTP. It has been a global standard since the internet began and, unless you’re really passionate about all things web-related (we are!), you probably don’t really know – or care – what it means (“Hyper Text Transfer Protocol” if you’re interested i.e. how information is shared around the web).

When we’re looking for extra reassurance that a website is going to look after our data, most of us know that a padlock in front of a website address is a good thing: it means the website is genuine and will encrypt our data, keeping our information secure and encrypted. We can shop or share details with peace of mind.

Now – bear with us while we get technical for a moment – that little padlock indicates that a website has an SSL Certificate and the website address will start with HTTPS. Until now, the extra layer of encryption this provides hasn’t been relevant for many websites but thanks to our friends at Google, that’s about to change.


“But my website doesn’t capture data”.

You’re still going to need a SSL Certificate. Here’s why.

In a bid to help users stay safe on the web, Google has introduced a major new feature in its latest Chrome 68 update. From July 2018, Chrome will mark any HTTP website as “Not Secure.” Visitors to your website will see a prominent warning that any information shared with your site is at risk and you are not to be trusted. And if Google doesn’t trust you, why should they?

Does this matter?

Oh yes. Consider the experience of your website users. If Chrome is advising you that your data is at risk if you visit a website, you’re going to head to a competitor site pretty swiftly.

Your website visitors need to trust you to engage with what you’re offering. This perceived lack of care for their security has the potential to lose you sales, damage your brand and risk your reputation. Your competitors are mere clicks away: don’t make it easier for them to steal your traffic.


You need to take action now!

A lot of websites are going to see a huge decline in visitors: make sure yours isn’t one of them. Check whether your site has an SSL Certificate and take steps to ensure you don’t jeopardise trust in your business. Where Google goes other browsers will certainly follow and there could be an impact on how Google ranks your website.


What’s the process for switching to HTTPS?

If you are familiar with the backend of a website, then switching to HTTPS is fairly straightforward in practice. The basic steps are as follows.

  1. Purchase an SSL certificate and a dedicated IP address from your hosting company.
  2. Install and configure the SSL certificate.
  3. Perform a full back-up of your site in case you need to revert back.
  4. Configure any hard internal links within your website, from HTTP to HTTPS.
  5. Update any code libraries, such as JavaScript, Ajax and any third-party plugins.
  6. Redirect any external links you control to HTTPS, such as directory listings.
  7. Update htaccess applications, such as Apache Web Server, LiteSpeed, NGinx Config and your internet services manager function (such as Windows Web Server), to redirect HTTP traffic to HTTPS.
  8. If you are using a content delivery network (CDN), update your CDN’s SSL settings.
  9. Implement 301 redirects on a page-by-page basis.
  10. Update any links you use in marketing automation tools, such as email links.
  11. Update any landing pages and paid search links.
  12. Set up an HTTPS site in Google Search Console and Google Analytics.

In terms of the setup of the SSL certificate — points one and two above — this is fairly straightforward, and your hosting company will be able to assist you.

Also bear in mind that for a small website this will be fairly straightforward, as some of the above points won’t apply in scenarios such as code libraries and CDNs. However, for a larger site, this is hardly a non-trivial event and should be managed by an experienced webmaster. That’s where we come in!


Let us help you…

Above Digital can help you understand what your current security protocols are and make sure you have the right certificates in place.

We’re passionate about helping our clients interact with the people that matter to them online: contact us to find out how we can increase the impact of your brand.