What Google’s Security Changes Mean for Your Search Engine Rank
You may have read that in 2017 Google is going to flag HTTP connections in the Chrome browser. This is likely a step in the right direction for web security. However, there is limited discussion about what this Google Chrome’s SEO update means from the web master and business owner perspectives.
What Google is Doing to HTTP in Chrome
Web browsers in general display some form of visible warning after loading a page that uses HTTPS but cannot verify the validity of the operation. In many cases this comes from a broken or expired certificate. Encryption still occurs in these instances, but the user must proceed at his or her own risk because the identity of the party on the other end becomes suspect.
Chrome’s “lock” icon next to the address bar indicates a successful secure connection, but if the user chooses to risk accessing a compromised site the lock displays a red “x” for the duration of the visit.
Google is going to gradually start marking every HTTP connection with a similar mechanism in the Chrome browser, the label “Not Secure.” It will begin with the releases of Chrome 56 in January 2017 and will only affect connections that transfer password information or payment credentials. Eventually, it will mark all HTTP connections as insecure for users in Incognito mode. Down the road, the rule will apply universally to every HTTP connection in Chrome.
Why is the Change Necessary?
Google’s decision is a response to two important web security factors:
1) Users do not perceive the lack of a secure designator (e.g. the lock) to mean that the connection is insecure. They implicitly trust websites unless they display clear indicators of unsafe browsing.
2) HTTPS largely gets reserved for risky contexts such as transferring login credentials or credit card data. However, even with relatively innocuous pages, attackers can exploit the lack of security to orchestrate man-in-the-middle attacks and other malicious tactics.
Google has been nudging the web towards global HTTPS coverage for several years. At Google I/O in 2014 the company called for “HTTPS everywhere.” Not long after this, it turned HTTPS into one of its many ranking signals. This coupled with the mandatory labeling of HTTP as “not secure” has implications for web designers and for Search Engine Optimization (SEO).
How Will This Affect Page Rank and Other Aspects of Your Site?
Note that Google started the push to give privilege to sites using HTTPS in 2014. It confirmed to the outside world that it indeed made HTTPS one of its ranking signals.
Fortunately for many websites, it started out as a lightweight ranking signal – one of 200. By Google’s account near the time of inception it only affected about 1 percent of results. At least one outside investigation found that the effects at the time were indeed negligible.
However, this does not mean that the Google Chrome “not secure” label for HTTP will not affect Page Rank down the road. There has not been much information from Google on the matter in a while, but it has made it clear that strengthening HTTPS as a search signal is within its agenda and it is definitely an important factor in the drive to make every connection on the web secure.
Furthermore, it is not just the Page Rank itself that may factor into user reach and engagement. Users have a higher rate of abandoning sites with broken HTTPS connections. The presence of an explicit warning causes users to flee, and there is no doubt we will find a similar trend when browsers display the clear label “not secure.”
The change may also impact the layout of your site, which invariably touches SEO. Google has published some guidelines for avoiding the insecure HTTP warning. One stipulation is that the top-level page must be HTTPS. HTTPS login forms that overlay HTTP pages – a fairly common pattern – will get flagged and the preference will be for redirection to a secure page or for the entire client to use HTTPS.
In any case, you will have to take measures to secure your site with HTTPS, such as an SSL/TLS certificate. Fortunately, it is actually a far cheaper and easier process now than when the web was in its growing stages. In order to stay relevant in searches and in the eyes of users, you will need to catch up to the countless number of sites that will inevitably switch to HTTPS. Contact a trusted and experienced design partner to learn more about how to make this transition.