Google Search Console Warning Message for HTTP sites

Google Search Console Warning Message

Did you receive a notice from Google like the message above? If so, you are not alone. Site owners of domains that haven’t yet made the move to HTTPS (also known as HTTP over TLS, or Transport Layer Security) have been receiving warning messages from Google asking them to “migrate to HTTPS“.

Google has been trying to get site owners to move from HTTP (Hyper Text Transfer Protocol) to HTTPS (Hyper Text Transfer Protocol Secure) for quite some time now. It was nearly 1 year ago when we last blogged about this topic and recommended moving from HTTP to HTTPS. These new warning messages mark a more aggressive approach at trying to have webmasters convert to HTTPS.

Why does Google want you to move to HTTPS?

Using HTTPS provides additional layers of protection to that data that is transmitted across the web. This includes:

Security is extremely important to Internet users so it’s a big deal to Google.

When Will Google Start Showing Security Warnings to Chrome Users?

Google will being showing the security warnings starting in October 2017 with version 63 of Chrome. Google has said they intend on marking all pages that are served over HTTP as “non secure”. You still have time to make the switch so if you’ve been holding off, now is the time to make this happen. Here’s a snippet of text from a recent warning message one of our clients received:

Starting October 2017, Chrome (version 62) will show a “NOT SECURE” warning when users enter text in a form on an HTTP page, and for all HTTP pages in Incognito mode. 

The following URLs on your site include text input fields (such as < input type=”text” > or < input type=”email” >) that will trigger the new Chrome warning. Review these examples to see where these warnings will appear, so that you can take action to help protect users’ data. This list is not exhaustive.”

See the <input type=”email”> in this warning message above? That’s HTML for an input field on a web form that asks for a users email address (like like the example below):

Email will trigger alert

Will rankings go down after switching from HTTP to HTTPS?

According to the Google Search Console Help webpage: “With any significant change to a site, you may experience ranking fluctuations while Google recrawls and reindexes your site.” So yes, there is a chance of a drop in rankings and traffic. Our own experience is that rankings come back quickly (within a week). For some site’s, rankings and traffic are not impacted at all. Referring to to drops in rankings and traffic related to moving to HTTPS, Google’s Gary Illyes has said that they have “changed a bunch of things on our end to make sure that doesn’t happen.” This was previously the main reason why SEOs have not all been on board with the move to HTTPS in the past. Google’s Illyes (the closest thing we have to a “Matt Cutts” at Google these days) tweeted the following:

Specifically talking about the amount of time it would take to recover rankings and traffic, Illyes said “One week is understandable, two weeks, with a stretch. For any longer I’d raise an eyebrow”. Of course, we can’t take every word from Google as truth but I agree with Gary here.

Although we are talking about one additional letter in your URL strings, to Google and other search engines this means your entire site has brand new URLs, so it takes Google time to process this change. The proper way to handle these changes is with a 301 redirect from every HTTP version to the corresponding HTTPS version.

It should be noted that Google has previously indicated that HTTPS is a ranking signal and there is a ranking boost for HTTPS sites. Most likely this will become an even stronger ranking signal than it is today as Google continues to weighs user behavior metrics as a bigger factor in their search engine rankings.

What is required to migrate from HTTP to HTTPS?

There are many things required to make a proper move, including:

  1. Acquire an SSL certificate (2048-bit key)
  2. Activate the certificate
  3. Install the certificate on your domain
  4. Update all hard coded links in your code from HTTP to HTTPS
  5. Test to ensure that external scripts support HTTPS
  6. Create 301 redirects for all HTTP pages to corresponding HTTPS page
  7. Crawl your website to check that all pages can be crawled
  8. Use “Fetch as Google” to test that Googlebot can access your pages
  9. Update sitemaps
  10. Update robots.txt file
  11. Update canonical tags
  12. Resubmit disavow file (if you use disavow files)
  13. Add new site to Google Search Console
  14. Use change of address tool
  15. Update Google Analytics default URL
  16. Update tools that you use (A/B testing software, rank tracking, etc.)

It’s also important to note that SSL certificates expire so they need to be renewed. Depending on the certificate you have, typically renewal is every 90 days to 1 year.

Benefits of HTTPS

Now more than ever it is time to change to over to HTTPS.

-

SHARE

Leave a Reply

Your email address will not be published. Required fields are marked *

Sign Up For Our Newsletter

  • This field is for validation purposes and should be left unchanged.

Google Certified Premium Partner

Google Certified Premium Partner