“Not Secure” Website Warning

The internet is a wonderful thing, opening up a world of possibilities, but unfortunately there are some bad actors out there trying to take advantage of unsuspecting users. It seems we hear about a new security breach every day. Thankfully, Google and others are trying to make it a safer place for all of us by pushing all websites to adopt the secure HTTPS protocol. The "S" stands for "Secure". HTTPS protocol encrypts the data sent between your web browser and the web server of the website you’re visiting, protecting your data from hackers.

HTTPS Not Secure indicator
HTTPS Secure indicator

In an effort to push the process along, Google is now adding a security indicator in the address bar of your browser. There are different indicators, depending on the situation, but if you don't see a green padlock, the page is not properly secured. In the near future, Google has said they will start showing the red "Not secure" warning on any web page that has a form to collect data which is not secure.

A simple contact form or email signup form will trigger the 'Not Secure' warning if it's not not served with HTTPS protocol.

What does this mean for website owners?

This is an important change for anyone with a website for two big reasons:

  1. Visitors will be hesitant to submit anything on a page that shows the red "Not secure" warning.
  2. Google has indicated they will begin giving secure websites a slight ranking boost.

How can you make your site secure?

  • Migrating your existing website to HTTPS protocol is a fairly technical process. See Google's guide to enabling HTTPS. The basic procedure looks like this: 
  • Install an SSL certificate. (We recommend using premium certificates for the highest security on Ecommerce websites, but there are free options available for other websites.)
  • Enable HTTPS on your web server
  • Change any existing intrasite links to use protocol relative URLs. (This includes image source URLs as well as page links)
  • Redirect all incoming traffic from HTTP to HTTPS protocol
  • Turn on Strict Transport Security and secure cookies
  • Update any pre-existing redirect rules

Extras

  • Update Google Webmaster Console with new website URL and submit a new sitemap
  • Update Google Analytics to use HTTPS protocol
  • Enable HTTP/2 Push to counteract the slowdown caused by the data encryption process
  • Test to make sure everything works properly

We Can Help

If you are interested in migrating your website to HTTPS please give us a call at 770-698-0960 or shoot us an email at info@awts.com.

Posted in Web Design News and tagged