Does Your Site Meet Google’s New SSL Certificate Standards?

Matthew Hall Gold Shards No Crop

Posted by Matthew Hall

19th July 2018

SSL, Website Security, Conversion Optimisation

With online security fears rising in the wake of revelations over information theft and data protection breaches, website security has become a prevailing priority for technology developers in 2018.

After raising standards to protect and inform their users about online security risks, Google has recently announced even stricter controls on how their leading web browser, Chrome, labels websites in the future.

Google Chrome – the most popular website browser in the UK – began by flagging up problems on websites with invalid SSL security certificates, before overtly identifying sites that didn’t have a security certificate installed in the first place.

What is an SSL Certificate?

SSL is an acronym for Secure Sockets Layer, and SSL certificates are the backbone for any website security. The certificate allows a browser to bridge a secure connection between your device and the web server, thereby ensuring that information is safely transferred. Generally speaking, if a website address begins with HTTPS it is using a secure connection, and if it begins with HTTP is not.

Chrome currently makes it clear to users that they are browsing secure websites by displaying a highly-visible green padlock labelled ‘Secure’ at the beginning of its search bar.

Chrome secure badge

For websites that are not secure, this label is replaced by an information icon that, if clicked, warns users in no uncertain terms that they ‘should not enter any sensitive information on this site’ and that their data is at risk of being ‘stolen by attackers’. But, the ubiquitous developer hasn’t finished there…

Not secure anim

Google announces major changes to warn users against ‘Not Secure’ sites

In July 2018, Google will prominently mark all HTTP sites as ‘Not secure’ without requiring the user to click anything – as shown in the screenshot below:

Treatment of HTTP Pages

This warning will become even more visible in October 2018 with Chrome version 70, when the browser will begin displaying a ‘Not secure’ label in bright red when users enter data on HTTP pages. This commonly occurs on contact forms, login pages and other data entry pages found on most business websites.

Chrome october not secure warning

Although this move towards mandatory HTTPS has been gradual, Google has warned that businesses will need to have SSL certificates for all webpages on their site – not just pages with login requirements or forms – by the time Chrome 68 launches in July 2018.

Since Google Chrome accounts for over 60% of the web browser market share, most visitors to business websites will be alerted to security threats unless SSL encryption is in place. SSL certificates enable HTTPS – so the sooner businesses install certificates for all of their pages, the better for both the business and its customers.

The benefits of making your business website secure:

As Google moves closer to realising its ambition of having completely ‘secure by default’ websites, there are many reasons for business websites to ensure that their SSL certification meets the latest standards:

  1. More traffic: Google prioritises secure websites in search rankings
  2. Better user engagement: Visitors feel more confident using secure websites
  3. Prevent information theft: Data is more likely to be stolen from non-secure websites
  4. Essential for online payments: Shoppers will leave unless all pages are secure
  5. Access invaluable marketing data: Analytics won’t show where visitors are coming from

Read the benefits in more detail

If your business site doesn’t have an SSL certificate then information from visitors arriving from secure websites cannot be recorded to help marketing strategies.

Looking for more advice on how to make your website secure? Get in touch!