59% of websites are not secure, is yours one of them?
UPDATE: Google announced on August 29th that October 24th 2017 is the day of reckoning. They’ll start showing not secure warnings to users after that date. More, here.
At the beginning of 2017, Google began their quest to improve how their Chrome browser communicates the connection security of websites. More specifically, HTTP pages. Right now, Chrome marks HTTP pages as “Not secure” if they have password or credit card fields.
Later this year, sometime in quarter four – Google states October – Chrome will show the “Not secure” warning in two additional situations: when users enter data on a HTTP page, and on all HTTP pages visited in Incognito mode.
How big of a deal is this?
Do you collect email addresses & credit card information on your website?
The answer to at least one of those questions is probably yes.
Well then, it’s going to affect you. In fact, it’s already affecting you if you’re collecting credit card information or your users need to enter a password to login on your website.
But this only affects Chrome, right?
Right now, that’s correct.
However, Chrome is by far the most popular browser. It accounts for 76.3% of browser usage, and it’s growing steadily each month.
How do I make my site secure?
Over the past month, we’ve checked 57 Agora websites to see if they’re HTTPS compliant.
Of all the sites we looked at, 26% had no SSL cert installed. And 33% had an SSL cert installed but it wasn’t configured correctly; both the http:// and https:// version of the site were visible. Having two versions of the site visible causes duplicate content issues, and has a negative effect on their rankings and search engine visibility. 41% of Agora sites had an SSL cert installed, and these sites passed a quick and easy test to see if it was installed correctly. HTTPS is clearly an area where Agora websites can improve.
Open a page on your website. If your site shows https:// in the URL bar, look at A. If your site shows http:// in the URL bar, skip to B.
A: Does your site show as https:// in the URL bar?
If it does, then remove the s from https:// and press enter.
Does the URL redirect back to the secure version?
Or does the URL show you a http:// version of your website?
If it shows the http version, you have https installed but it isn’t configured correctly and is causing you duplicate content issues.
B: Does your site show http:// in the URL bar?
If it does, then add an s http://, to make it https:// and press enter.
Does the URL redirect back to the http version or do you get an error?
If it does either, that’s OK. It means you don’t have an SSL cert set up. You should put it on your web developer’s radar to get one installed.
If it shows the https:// version of your website, it means that your SSL cert isn’t configured correctly.
If your site is showing a http:// and a https:// version, consider fixing it. It’s causing duplicate content issues and is affecting your search engine visibility.