While that announcement may not have had every business with a website running around to swap from the less secure HTTP to HTTPS, the change that’s coming in July 2018 is likely to have a much bigger impact.
When Chrome 68 releases in July, visitors to sites that are only using HTTP will see a message that states ‘Not secure’ in their browser ‘omnibox’. That’s the box at the top of your browser into which you can type in both website URLs and searches.
If you visit a website currently, what you see in the omnibox is the URL of whatever page you are viewing. After the Chrome 68 update, however, you’ll see the words ‘Not secure’ first, followed by the URL.
Obviously, that’s not ideal for any business. No company wants visitors and potential buyers to be told that their ecommerce site isn’t secure before they’ve even had a chance to browse the product categories, never mind make a purchase. And this will happen even if the checkout process is completely secure but the rest of the site doesn’t use HTTPS.
Coming from Google, such a trusted search engine, buyers are likely to take this warning very seriously, and could potentially disappear off to your competitors never to be seen again if they have HTTPS on their site and you don’t, so this piece of news is definitely worth paying attention to.
You might be tempted to think that many people use other browsers rather than Chrome, and does it really matter that much? But Chrome has around 56 percent of the market share so it’s highly likely that many of your potential customers will see that warning notice. There’s also nothing to say that other browsers won’t follow suit with their own warnings eventually.
The fact is, there are too many hackers, fakes and spammers out there for customers to take a risk on a site that’s clearly marked as unsecure, when there are plenty of alternative sites available that do use HTTPS. Such a warning really could be the death knell for any ecommerce site.
Why are Google doing this? According to their latest post provided to The Register, they want to ensure that web users understand that not every HTTP site is secure, and to basically move the whole web across to HTTPS by default.
And they’re highly likely to get their way. Who can afford to argue with Google? And with so many sites already switched over (Google’s own stats show that more than 68% of Android and Windows traffic on Chrome is over HTTPS, and it’s even more on macOS, iOS and Chrome OS at 78%), chances are most people will follow.
So what do you need to do? We could get really technical here, but what you need to do is arrange an SSL certificate for each site you own, change your website links to HTTPS from HTTP so they don’t break after you switch over, and set up 301 redirects from the old HTTP to the new HTTPS so that all the search engines know your site addresses have changed over. The redirects will also update people’s bookmarks to reflect the change.
Reading that and thinking it might as well be written in Martian? You’re not on your own. The good news is that Google has a free tool called Lighthouse to help your IT/developer team find the areas of your website that still need to be changed to HTTPS, and if you don’t have your own IT department, talk to us and we will be happy to help.
Whatever you do, don’t take the risk and stick with HTTP. You can’t afford to be branded ‘not secure’ as the first thing people see when they visit your site.