Recently, there has been an unprecedented, stringent rush towards a more secure, SSL certificates -protected online environment initiated by authorities like Google.
Starting January 2017, Google’s Chrome 56 browser will be alerting users of unprotected login and signup pages, and this is just the first step towards ‘declaring’ all HTTP pages virtually ‘non grata’.
To meet the security demands of 2017 in advance, all stores hosted on our platform are in the process of being secured with an SSL certificate.
The history behind the HTTPS rush
Google started pushing towards HTTPS more vigorously about a year ago when they announced that HTTPS encryption would become a ranking signal and started giving secure pages a slight edge over unprotected ones.
Google’s rush towards a more secure web was supported by other online institutions like the Internet Security Research Group (ISRG), which made SSL certificates freely accessible to the public in April 2016 via the Let’s Encrypt project.
Meanwhile, Google initiated studies among site visitors to check their security sensitivity.
The results have shown that users are fine with the green padlock that signals that a website is secure, but do not perceive the grey exclamation mark on non-HTTPS pages as a security warning.
According to Google, the current neutral HTTP connection icon doesn’t reflect the true lack of security and the potential for man-in-the-middle hacking (when an attacker intercepts the network communication between your browser and the server).
For this reason, in September 2016, Google’s security team members announced their plans to start marking HTTP connections as insecure.
They added that this would take place in gradual steps, based on increasingly stringent criteria, the first step being the labeling of HTTP pages that collect passwords or credit card info as non-secure.
In fact, the beta version of Chrome 56 was released in the beginning of December, so that site owners can get acquainted with the way non-secure pages will be labeled from now on:
For Chrome users, this will be just the beginning. Google has announced plans to gradually escalate the process by displaying warnings every time a non-SSL-encrypted connection is initiated.
Google also plans to start using the same red triangle it currently uses for broken HTTPS pages:
How will the new Chrome update affect users?
The update applies only to the newest version (yet to be released) of Chrome – the browser of choice for a staggering 72.5% of the Internet users (according to W3Schools’ September 2016 stats). The number of Chrome users has been steadily growing since its release in 2008.
For example, 2015 saw a 6-percent increase in Chrome’s usage share.
While 6 percent is not that much when viewed out of context, the number actually means that 191 159 769 new users have put their trust in Chrome.
You can check out detailed, year-to-year browser usage stats on W3Schools’ website.
In its HTTPS migration guide, Google identifies several key reasons for switching to HTTPS:
1. Encryption – user-submitted sensitive data like login details or credit card information is encrypted and protected from eavesdroppers who could otherwise steal it;
2. Data integrity – user data cannot be modified or corrupted during transfer, intentionally or otherwise, without being detected;
3. Authentication – users can rest assured that they communicate with the intended website (this also helps site owners build trust with their audience);
HTTPS to be enabled on all stores hosted with us
To get your stores prepared for the new security-focused reality, we’ve started enabling HTTPS across all stores hosted on our platform. This applies to both domains and subdomains.
This means that your entire site will start resolving to HTTPS, not only the login and the signup pages.
This way, your site will practically be fully consistent with all the security guidelines that are expected to be enforced throughout 2017. The HTTPS activation procedure applies to:
1. All stores that are using the Store Master reseller hosting theme (i.e. true-cloud-hosting.com);
2. All subdomains that are assigned to a Store Master-based store by default (i.e. truecloud.duoservers.com);
3. All stores that are using a Private DNS cluster, as well as the respective subdomains (e.g. webmail.domain.com and login.domain.com);
4. All stores that are using any of our WordPress reseller hosting themes;
NOTE: The HTTPS activation procedure is already in progress and it will take a while until it propagates throughout the entire store network. Please check your store(s) to see if they already resolve to https://domain.com. If not, you will need to allow a few days for the SSL installation to take effect.
My store resolves to HTTPS, now what?
Aside from adding SSL to your store, we’ll also implement automatic HTTP-to-HTTPS redirection.
Once your store has started resolving to HTTPS, you will need to make some modifications to your web analytics software to make sure that the secure version of your site is being kept track of.
Here is what SEO experts recommend you to do after the migration to HTTPS:
Resubmit the HTTPS version of your site to Google’s Search Console and Bing’s Webmaster Tools. Also, make sure you submit a new sitemap with the HTTPS URLs to each of them. This is done to make sure that Google and Bing will track your HTTPS traffic correctly.
In your Google Analytics profile, set the default URL to HTTPS so that it will be tracked properly; add a note about the date and the reason for the change for future reference.
- Update your social share counts, since some of the networks may not transfer the counts through their APIs. Check out the relevant guides for this if you insist on keeping your share counts.
- Update any paid email or marketing automation campaigns to use the HTTPS versions of the URLs.
- Update any other tools such as A/B testing software, heatmaps and keyword trackers to use the HTTPS versions of the URLs.
Managing an HTTPS-fronted site will surely raise your status in the eyes of the security-sensitive search engines and will help it rank higher.
While the industry is yet to migrate all sensitive pages to HTTPS, you can rest easy knowing that your site is protected against identity thieves and ready to meet Google’s security reform goals for 2017 in advance.
The HTTPS rush – a great marketing challenge for your store
You can effectively take advantage of the secure HTTPS connection craze by marketing the SSL certificates on your store more actively.
With the SSL Manager plan, you can offer SSL certificates (both regular and wildcard) to customers separately from your main web hosting portfolio.