Update: 10 Oct 2019
While Google already blocks some types of “mixed content” on the web and makes it difficult to view non SSL websites it has now announced that from early 2020, Chrome (and other browsers will follow that example so they don’t appear “insecure” ) will block all mixed content by default, breaking some existing web pages. Which makes the information below on why all websites need to have a valid SSL certficate below even more pertinent.
What is mixed content
Mixed content is confusing. If you are viewing a web page that’s both secure and not secure. For example, a usually safe and secure web page via https but the web page is getting a JavaScript file via HTTP then it is possible that the script could be modified—for instance, if you’re on a public Wi-Fi network that isn’t secured—to insert malicious code into the web page that could monitoring your keystrokes etc.
Google announced in September on it security blog that if your website is not using HTTPS/SSL when they implement their latest changes in 2017, your website credibility and search engine rankings may be affected. Chrome- Googles web browser has already begun to mark non-secure pages containing certain input fields as Not Secure in the URL bar as you can see below.
At the moment this only appears on non-SSL pages that ask for a password or credit card information and it’s not too noticeable. But Google has confirmed that in the near future, this warning will appear on ALL pages served over HTTP vs. HTTPS and it will be in RED and look like this NOT SECURE- not exactly the sort of thing that will instill confidence in your website!!
There is already a lot of research which shows that Google is already using HTTPS as a ranking factor…SSL DOES Correlate with Higher Rankings!!
Websites need to convert from HTTP to HTTPS to Avoid the ‘Not Secure’ Warning and feel confident with a Secure green padlock
Another reason why you should convert your website to HTTPS/SSL is that its safer for your visitors
HTTPS and SSL prevent man-in-the-middle attacks.
When an SSL certificate is installed on a web server, it operates as a padlock and acts as a secure connection between the web server and browser. An SSL certificate binds together your domain name (or server or hostname), company name and location. While how an SSL certificate works goes into more details–involving a public key and a private key–what you need to know here is this: Even if a hacker manages to intercept your data, he won’t have the private key to decrypt it. Basically HTTPS and SLL adds extra layers of protection.
So what do website owners need to do
The first step would be to contact their webhost and purchase and install a Secure Socket Layer certificate (SSL) to ensure that data between your web server and browser remains private and secure and they are not penalise by Google’s SSL update.
You must be logged in to post a comment.