Why is Google forcing SSL
Google has been pushing webmasters to make the change to non-secure websites a for years now – including hinting at small rankings boost to further incentivize the shift. 81 of the top 100 sites on the web use HTTPS by default. Undoubtedly, Google loves its users and therefore, is coming up with every possible way to make us feel secure here on the internet. This means if your website doesn’t have an SSL certificate, it will display a ‘Not Secure’ in the URL bar. This move will coincide with the release of Chrome 68.
SSL/TLS and HTTPS
HTTPS means that all traffic to and from your website will be encrypted and thus not easily readable by a 3rd party eavesdropping on the traffic. While being mandatory for any site that has a payment gateway, normal sites have had no obligation to be ‘secure’ until now. With SSL Certificates becoming cheaper and even free, the move is neither hard nor expensive. There are a few traps to avoid. The main ‘trap’ is mixing secured and unsecured content. This will cause an SSL failure even if your certificate is valid.
When a secure (HTTPS) site requests an insecure (HTTP) resource, that is called a mixed content error. Some browsers block insecure resource requests by default. If your page depends on these insecure resources, then your page might not work properly when they get blocked. Also, browsers may warn users that your page is not fully secure.
Check for any URL links in your website code that do not start with https. These are usually the culprits. Change them to https. If the source site does not have https, either request them to move with the times or find a different way to provide the content. The internet is NOT as secure as many people like to believe with HTTP only. Anyone can read what data you send to and from any server if the website is NOT using a HTTPS.
Other benefits of HTTPS
HTTPS is not just about securing your website, but about keeping the content integrity as well. It also provides integrity and authenticity for your website visitors. When you don’t have an HTTPs then your website traffic can be modified by a middleman like an ISP or airport WIFI. How do you feel that your website visitors can easily be redirected to malicious website courtesy of a shady DNS? Well, this is what your business is risking by not have SSL certificate on its website.
Encryption by SSL also does not slow your website down. HTTPS websites actually load FASTER as the browsers have to do less security checks. Your Google ranking will also improve as Google gives a boost to SSL sites as an incentive to move to HTTPS.