Recently, there has been an unprecedented, stringent rush towards a more secure, SSL-protected online environment initiated by authorities like Google. Starting January 2017, Google’s Chrome 56 browser will be alerting users of unprotected login and signup pages, and this is just the first step towards ‘declaring’ all HTTP pages virtually ‘non grata’. To meet the security demands of 2017 in advance, all accounts hosted on our platform are secured with an SSL certificates.
The history behind the HTTPS rush
Google started pushing towards HTTPS more vigorously about a year ago when they announced that HTTPS encryption would become a ranking signal and started giving secure pages a slight edge over unprotected ones.
Google’s rush towards a more secure web was supported by other online institutions like the Internet Security Research Group (ISRG), which made SSL certificates freely accessible to the public in April 2016 via the Let’s Encrypt project.
Meanwhile, Google initiated studies among site visitors to check their security sensitivity. The results have shown that users are fine with the green padlock that signals that a website is secure, but do not perceive the grey exclamation mark on non-HTTPS pages as a security warning.
For this reason, in September 2016, Google’s security team members announced their plans to start marking HTTP connections as insecure. They added that this would take place in gradual steps, based on increasingly stringent criteria, the first step being the labeling of HTTP pages that collect passwords or credit card info as non-secure. In fact, the beta version of Chrome 56 was released in the beginning of December, so that site owners can get acquainted with the way non-secure pages will be labeled from now on:
For Chrome users, this will be just the beginning. Google has announced plans to gradually escalate the process by displaying warnings every time a non-SSL-encrypted connection is initiated.
Google also plans to start using the same red triangle it currently uses for broken HTTPS pages:
How will the new Chrome update affect users?
The update applies only to the newest version (yet to be released) of Chrome – the browser of choice for a staggering 72.5% of the Internet users (according to W3Schools’ September 2016 stats). The number of Chrome users has been steadily growing since its release in 2008.
For example, 2015 saw a 6-percent increase in Chrome’s usage share. While 6 percent is not that much when viewed out of context, the number actually means that 191,159,769 new users have put their trust in Chrome. You can check out detailed, year-to-year browser usage stats on W3Schools’ website.
In its HTTPS migration guide, Google identifies several key reasons for switching to HTTPS:
1. Encryption – user-submitted sensitive data like login details or credit card information is encrypted and protected from eavesdroppers who could otherwise steal it;
2. Data integrity – user data cannot be modified or corrupted during transfer, intentionally or otherwise, without being detected;
3. Authentication – users can rest assured that they communicate with the intended website (this also helps site owners build trust with their audience);
NOTE: The HTTPS activation procedure is already in progress and it will take a while until it propagates throughout the entire store network. Please check your account(s) to see if they already resolve to https://domain.com. If not, you will need to allow a few days for the SSL installation to take effect.
My account and domain name resolve to HTTPS, now what?
Aside from adding SSL to your account, we also implemented automatic HTTP-to-HTTPS redirection. Once your account / domain have started resolving to HTTPS, you will need to make some modifications to your web analytics software to make sure that the secure version of your site is being kept track of.
Here is what SEO experts recommend you to do after the migration to HTTPS:
- Resubmit the HTTPS version of your site to Google’s Search Console and Bing’s Webmaster Tools. Also, make sure you submit a new sitemap with the HTTPS URLs to each of them. This is done to make sure that Google and Bing will track your HTTPS traffic correctly.
- In your Google Analytics profile, set the default URL to HTTPS so that it will be tracked properly; add a note about the date and the reason for the change for future reference.
- Update your social share counts, since some of the networks may not transfer the counts through their APIs. Check out the relevant guides for this if you insist on keeping your share counts.
- Update any paid email or marketing automation campaigns to use the HTTPS versions of the URLs.
- Update any other tools such as A/B testing software, heatmaps and keyword trackers to use the HTTPS versions of the URLs.
Managing an HTTPS-fronted site will surely raise your status in the eyes of the security-sensitive search engines and will help it rank higher. While the industry is yet to migrate all sensitive pages to HTTPS, you can rest easy knowing that your site is protected against identity thieves and ready to meet Google’s security reform goals for 2017 in advance.
The HTTPS rush – A great marketing challenge for your Online Business
You can effectively take advantage of the secure HTTPS connection craze by marketing the SSL certificates on your domain(s) more actively. With the SSL Manager, you can manage SSL certificates (both regular and wildcard) to your websites and online businesses separately from your main web hosting panel.
I can’t understand how HTTPS works, can you help? No worries! Besides regular HTTPS connectivity and Let’s Encrypt SSL Certificates we’re also adding a 5GB ecure VPN Traffic and Tunneling for all our clients under Doubleyoutoo.com.au hosting plans. In order to access all the settings described above, and to further use up to 5GB monthly VPN traffic, login to your Control Panel (Doubleyoutoo.com.au) and access the HTTPS/SSL Settings or VPN Connection settings.
If you don’t have a reliable hosting account yet, please go ahead and Order Hosting Plan Now (Doubleyoutoo.com.au) or Contact Us for more information.
If you need an additional support, please don’t hesitate to Contact Us, or if you’re an existing client of Doubleyoutoo.com.au, 2u2 Web Technologies and Unparalleled Hosting – then submit a Support Ticket from within your Account’s Control Panel, describe an issue and our Support Magicians will be back to you in no time with a best solution.
If you are an existing CONNECT, 2u2 Web Technologies and WHOOPS.ONLINE client, then login to CONNECT panel and provide your Support Ticket there.
For more details on Doubleyoutoo, visit www.doubleyoutoo.com.au
For more details on CONNECT plans, visit connect.2u2.com.au
- 1.SSL now enabled on all Doubleyoutoo.com.au Plans for the sake of a more secure 2017
- 2.Resilio Sync ~ All Your Data, Across All Your Devices
- 3.If it’s Free, You’re the Product ~ Unroll.me is Selling Your Information
- 4.Google’s Suprising Habits ~ New Look, Same Login?
- 5.Behind the Dot magazine investigates cyber security
- 6.Change The Code And Start Again ~ This Is Not Over
- 7.Secure Chatting ~ CYPH Encrypted Messenger
- 8.Don’t fall victim to spear-phishing