Did you receive a notice from Google like the message above? If so, you are not alone. Site owners of domains that haven’t yet made the move to HTTPS (also known as HTTP over TLS, or Transport Layer Security) have been receiving warning messages from Google asking them to “migrate to HTTPS“.
Google has been trying to get site owners to move from HTTP (Hyper Text Transfer Protocol) to HTTPS (Hyper Text Transfer Protocol Secure) for quite some time now. It was nearly 1 year ago when we last blogged about this topic and recommended moving from HTTP to HTTPS. These new warning messages mark a more aggressive approach at trying to have webmasters convert to HTTPS.
Using HTTPS provides additional layers of protection to that data that is transmitted across the web. This includes:
Security is extremely important to Internet users so it’s a big deal to Google.
Google will being showing the security warnings starting in October 2017 with version 63 of Chrome. Google has said they intend on marking all pages that are served over HTTP as “non secure”. You still have time to make the switch so if you’ve been holding off, now is the time to make this happen. Here’s a snippet of text from a recent warning message one of our clients received:
“Starting October 2017, Chrome (version 62) will show a “NOT SECURE” warning when users enter text in a form on an HTTP page, and for all HTTP pages in Incognito mode.
The following URLs on your site include text input fields (such as < input type=”text” > or < input type=”email” >) that will trigger the new Chrome warning. Review these examples to see where these warnings will appear, so that you can take action to help protect users’ data. This list is not exhaustive.”
See the <input type=”email”> in this warning message above? That’s HTML for an input field on a web form that asks for a users email address (like like the example below):
According to the Google Search Console Help webpage: “With any significant change to a site, you may experience ranking fluctuations while Google recrawls and reindexes your site.” So yes, there is a chance of a drop in rankings and traffic. Our own experience is that rankings come back quickly (within a week). For some site’s, rankings and traffic are not impacted at all. Referring to to drops in rankings and traffic related to moving to HTTPS, Google’s Gary Illyes has said that they have “changed a bunch of things on our end to make sure that doesn’t happen.” This was previously the main reason why SEOs have not all been on board with the move to HTTPS in the past. Google’s Illyes (the closest thing we have to a “Matt Cutts” at Google these days) tweeted the following:
If you’re an SEO and you’re recommending against going HTTPS, you’re wrong and you should feel bad.
— Gary “鯨理” Illyes (@methode) August 18, 2015
Specifically talking about the amount of time it would take to recover rankings and traffic, Illyes said “One week is understandable, two weeks, with a stretch. For any longer I’d raise an eyebrow”. Of course, we can’t take every word from Google as truth but I agree with Gary here.
Although we are talking about one additional letter in your URL strings, to Google and other search engines this means your entire site has brand new URLs, so it takes Google time to process this change. The proper way to handle these changes is with a 301 redirect from every HTTP version to the corresponding HTTPS version.
It should be noted that Google has previously indicated that HTTPS is a ranking signal and there is a ranking boost for HTTPS sites. Most likely this will become an even stronger ranking signal than it is today as Google continues to weighs user behavior metrics as a bigger factor in their search engine rankings.
There are many things required to make a proper move, including:
It’s also important to note that SSL certificates expire so they need to be renewed. Depending on the certificate you have, typically renewal is every 90 days to 1 year.
Now more than ever it is time to change to over to HTTPS.