Google increases penalties on unsecured websites

Following Google’s latest update, three-quarters of internet users will be warned against using your site if it doesn’t have up-to-date security - even if you aren’t collecting sensitive information.

Over the last few years, Google’s search engine has attempted to make the entire internet a safer place for users. This summer, it made another stride forward when its browser began warning against unsecure websites.

Websites which haven’t applied for and installed a relevant and up-to-date security certificate will now be flagged, in red, as unsafe to use.

And this applies to all websites. Not just those which handle personal details and credit card information, but even smaller, purely informational websites too.

The technology in question is HTTPS. In the most basic of terms, HTTPS prevents outsiders from accessing data sent between a user’s computer and the website they’re visiting. The internet as we know it was built on HTTP, that’s been the standard for many years, but now Google is punishing those without the added S (which stands for secure).

This makes the internet safer for browsers. Through HTTP, it’s possible for third parties to intercept data including personal or sensitive information as well as payment details. It is also possible for third parties to inject their own code into unsecure websites. In its simplest form, they can add their own adverts into websites. But it can also be used for more dangerous purposes, such as adding in malware.

Because of this, Google began taking HTTP or HTTPS status into account when ranking websites as far back as 2014. HTTPS-backed sites have been more visible in search results than less secure alternatives since then.

In the last few weeks, Google changed the way Chrome browsers handled such sites. Until now, secure HTTPS websites have been displayed with a green checkmark, indicating their security level. This showed that the internet was unsafe by default and that security was an added bonus.

To reverse this, that green checkmark has been reduced and now unsecure HTTP websites will be displayed with a red checkmark which warns users against entering sensitive information.

The Firefox browser has a similar function. Three-quarters of internet use goes through either Chrome or Firefox, making this the most visible move against unsecure websites to date.

In short, if your site doesn’t have an up-to-date security certificate, it is ranking lower on Google and a majority of users are being warned that visiting your website could be harmful to them.

This is, naturally, hugely detrimental to the volume of traffic your site receives as well as your conversion rates. HTTPS protocol is now essential for all websites.

You can read Google’s own guide to applying HTTPS to your own site here, and the good news is that you can upgrade your site for free, through services such as Let’s Encrypt, though it can be complex and time-consuming.

Alternatively, talk to one of our expert web development team about your website. We have a range of options that will help ensure yours is secure - and on the right side of Google’s new rules. If you’re concerned about Google’s latest security crackdown, or you have any other questions about getting better returns from your website, call us for a  free, no-obligation consultation on  01254 279998.