Don’t have an SSL Certificate? Google is going to flag your website this year!
We turn to the internet for everything. From selling to buying,
With this dominating trend, online security has become a necessity.
Undoubtedly, Google loves its users and therefore, is coming up with every possible way to make us feel secure here on the internet.
With its recent announcement, earlier this year, Google will flag all the unencrypted internet by the end of 2017.
Google will flag 2/3rd of the web as unsafe.
This means if your website doesn’t have an SSL certificate, it will display a ‘Not Secure’ in the URL bar.
But don’t worry with our best Magento hosting service you get a free SSL certificate to make your website secure.
When Do You Need to Worry About SSL?
With Chrome version 62 being released, websites with any kind of text input will need an SSL certificate.
- Does your website take text inputs in the form of login panels, contact forms, search bars, etc?
- Is your website on HTTP://?
If it’s a YES to both these questions, you need to install SSL to avoid any risks or warnings.
If you don’t implement SSL soon, your visitors will see a “Not Secure” warning on visiting your site.
What is an SSL Certificate? And How it Works?
That’s your electronic passport!
SSL (Secure Sockets Layer) is the standard security technology for establishing an encrypted link between a web server and a browser.
This link ensures that all data passed between the web server and browsers remain private and integral.
You Can’t Miss this: SSL Certificate Cost, Features & Brands
If you don’t have the SSL certificate, a secure connection cannot be established, which means, your company information will not be digitally connected to a cryptographic key.
SSL Certificate has the following information:
- Name of the holder
- Serial number and expiration date
- Copy of the certificate holder’s public key
- Digital Signature of the certificate-issuing authority
Why are SSL Certificates Critical?
Here are some of the reasons to have SSL Certificates:
1. Encrypts Sensitive Information
The information you send on the Internet is passed from computer to computer to get to the destination server.
Any computer in between you and the server can see your credit card numbers, usernames and passwords, and other sensitive information if it is not encrypted.
When an SSL certificate is used, the information becomes unreadable to everyone except for the server you are sending the information to.
2. Protects You From Cybercriminals
They are clever!
Cybercrime Damages to Cost the World $8 Trillion USD in 2023.
It is impossible to escape the rising tide of cybercrime if your website doesn’t have an SSL certificate.
They will identify weakness(es) in your network…mostly when information is transmitted.
Recently, the black eye masked people have been refining malicious strains that are specifically designed to capture data while moving between destinations. (Told you, these people are clever!)
You surely can protect yourself from this mess by installing SSL certificates that offer a vital means of defending against transit-based hacks.
You Should Read This: Types of SSL Certificates
3. Builds Trust & Brand Power
With SSL certificates, your customers will see visuals like lock icon and green address bar that indicates well-trusted encryption is in use. Well, if I as a customer will see that on your website, I will be assured that my information is traveling safe.
Undoubtedly, this will add brand power and boost the credibility of the brand.
Conclusion
Before Google flags your website, secure it today with SSL Certificates.
And it is not only for Google, visitors also trust the secure sites.
FAQs
Is Google requiring SSL?
Yes. Google is pushing web owners to implement an SSL certificate on their websites. The aim of Google is to become a trusted Search Engine. To do that, Google has to show only secure websites in the search results. That’s why Google is giving a rank push to HTTPS sites.
Do I need SSL?
If you have a website that stores information of visitors, you need an SSL certificate on your site. Without SSL, the data transfers in text format which is an insecure way of sending data. While SSL protects the data by wrapping it in an encrypted layer.
Does Google sell SSL certificates?
NO. Google does not sell SSL certificates. But SSL certificates are easily available on the Internet (for free and paid).
How do I get SSL?
Quality Web Hosting providers provide SSL certificates in their web hosting plans. At ServerGuy, we provide free SSL with every hosting.
65 thoughts on “Why Google is Forcing You To Have SSL Certificates on Your Websites?”
Serving a website over SSL/HTTPS does not make data secure. 99.9% of all data breaches since 2010s happened to websites served on SSL.
“Google loves its users…” Pff! Goo has some of the most user
-unfriendly internet cteations – the detestable recaptcha, it’s absurd aversion to word-wrap and bottom toolbar in its mobile browsers, and its love of social engineering and censorship control-tools. The mandarins at Goo love themselves.
Yes, this is a moral way to look at it. But, comparatively speaking, other search engines show spammy websites on the first page.
thanks for this post because it really helped me..
Thanks you so much for sharing this! I just got me a SSL certificate on my blog and glad I did! Now it is secure.
Thank you so much! This was very helpful and now I see why having a SSL is so important on sites.
I read on many pages that the one with https has a better position in google. I have several pages and some have SSL and others don’t and I don’t see the difference. Perhaps this is very insignificant about the position. At least I don’t see differences when it comes to positions.
I like this blog and how it’s designed with readers in mind. By the way, SSL Cert right from time – even before Google started talking about it has always been important and needed by webmasters for security mostly
Thanks for the post I actually learned something from it. Very good content on this site Always looking forward to new post. keep it up.
Thanks Sanjana, GREAT article (blog post). Hmm, you have to ask yourself with SSL which is the fat cat getting fatter? Reality is, from the get go, all sites should have them, I thing is a huge percentage of the CHEAPER / FREE sites that dont. Lots of people do self builds and they are no wiser. I would love the stats on that one. The small to medium and then all BIG business will have this in place. My gut feel is that its the people doing things on the cheap or free that are no wiser …. your thoughts Janj?
GOOGLE SCREWED UP MILLIONS OF SSL CERTS AND THEY ARE ALL GOING TO FAIL.
LOL, These are the crack heads that forced it in the first place! And they JACKED it up!!! I hope it cost them BILLIONS in lawsuits!
Burn google et. al. the social criminals of the world.
Overall it’s about choosing the right table or opponent,
the correct occasion and place, and to be able to get away if it all goes wrong.
We are not secure and don’t have an SSL certificate. We are now unable to upload our website to update it or to refresh the site as we keep getting FTP errors. Could this be because we don’t have a secure site with an SSL certificate or is this probably something else?
Superb Explanation! Great help to all your readers. Thanks for sharing…
Hi we use this and it is free. letsencrypt.org, here’s the best description I’ve seen:
Let’s Encrypt is a free, automated, and open certificate authority (CA), run for the public’s benefit. It is a service provided by the Internet Security Research Group (ISRG).
I just found this problem myself. I had no idea what was going on. I noticed that when I played live music on Periscope the embed I had going to my website was not displaying like it had just a few weeks ago. I was getting a white blank box. On my Twitter feed I was getting the image with the play button, much more inviting than a white box. After weeks of trying to figure out what was going on, it lead me to contact GoDaddy who hosts my website. They told me I needed the SSL protection. I purchased it with them telling me they would help me get it redirected once it was set up, WRONG! They totally lied about that and basically said they could not help me, only sell me the service! I’m so outraged after spending thousands of dollars over the years with them, I’ve decided as a very small business owner it just doesn’t make sense for me to keep spending more and more money and not getting anything back. I feel like this is total corporate take over of small businesses like myself. Yes I understand the need for more security, but huge companies like banks, retail outlets have deep pockets and can absorb this kind of thing. Someone like myself, can not. I am very saddened by this because I’ve had my own websites for my movies and music for years and thinking about shutting them down is very hard for me, but on the other hand, I can’t keep bleeding money just to have a web domain. I think we are seeing the final take over of the world wide web. It will no longer be for the common man, it will be owned and run by corporate greed. This was handled very badly. If anything, GoDaddy should have made me aware of this and not left me out in the cold.
Thanks Sahil for sharing this! I just got me a SSL certificate on my blog and glad I did!
Thanks for this info. You mentioned two conditions for needing an SSL Certficate:
1) Does your website takes text inputs in the form of login panels, contact forms, search bars, etc.
Is your website on HTTP:// ?
Until today, I DID have a contact form, but I have removed it in the hope that when people go to my site they will not see the dreaded “Not Secure” message. So far, the message persists. I am hoping Google will figure out that I do not have a place for visitor to input information and will therefore stop saying mean things about my site! But how long should I expect this to take? And do you think removing the input form is indeed a solution to this problem?
Hi Joan,
It was the case before release of Chrome version 68, since its launch in July, Google Chrome is showing Not Secure on all the HTTP sites. Now whether you have a form or not if your site is on http, Chrome will show a not secure warning.
Are you aware that by using Cloudflare you are sharing your certificate with a drug dealer website? Also do you support HTTPS end to end or are you using Flexible SSL?
I have noticed a large percentage of Cloudflare shared certificates have illegal and/or fraudulent websites in their SAN.
In other words, Google is to be unquestioningly trusted as the gatekeeper of the cloud of online data, which is not an axiomatic statement given their history and future trending… Indeed this smacks of the proverbial “mark of the beast” wherein no one will able to buy or sell without sanctioned passage to the “system.”
Google is turning into a monster
I think it is wise to use an SSL, however I do not approve of Google’s forceful way of pushing the issue. They are basically lying. A website that does not collect any data from its users is in no way less secure because it doesn’t have an SSL. Labeling that website insecure for that reason alone is misleading and in my opinion borderlines with defamation.
You are correct in this regard. Having SSL is not protecting the website nor really protecting the visitor to a website.
Correct, you hit the nail on the head! IF data is passing back to the site from the user , then it should be secured. The voyeur only site should not be penalized for not having a SSL cert.
Agree
One point I haven’t seen made when cost is brought up and letsencrypt is given as a response – some hosting companies don’t allow use of letsencrypt (for potentially valid reasons). In my case, I look after about 20 sites and to add ssl at the moment would cost over $2000 For most of them they would gain no extra security as they are not transferring any sensitive info.
And given that the vast majority of hacks use much simpler tricks than the stated man in the middle hack, ssl in many cases gives a false sense of security for the majority of people with sites, or who use sites and don’t understand what it actually does.
I’m a web developer, and none of our sites have an ssl certificate. I want to convince clients that that is something they need to do, but anytime I visit their sites, I get no warnings from Chrome. Zero. So I have no proof, especially since Google was supposed to have enacted this last year.
What gives?
Hi Greg,
As of now chrome wont show any not secure warning if there’s no login form or any kind of form needs to be filled by users but beginning in July 2018 with the release of Chrome 68, Chrome will mark all HTTP sites as “not secure”. you can also send our article to your clients.
actually if you click the little info icon on the left of the url field.. it will say that the website is not secure
Question if you don’t mind… In the case of a non-wildcard certificate where the you get a successful SSL handshake on the “https://www.domain.com” version but the handshake fails on the https://domain.com version, will Googlebot/Google possibly consider the entire TLD insecure? Could the https://www.domain.com version of the site end up with the “Site is not secure” message on it as well?
Note that the handshake occurs before the server has a chance to 301 redirect the non-www version to the www version.
Hi Scott,
It could be some issue with your htaccess/nginx file, as you said you are getting successful SSL handshake on the “https://www.domain.com” but not on non-www version it means your redirection from non-www to www is not working properly.
Thank You Google for damaging my credibility as a 14 year business. I knew nothing about an SSL. Nothing from Google, Go Daddy or Word Press. Two weeks ago my students were having problems saying they were getting warning signs that my website was a scam or had been hacked. It carried through all the social media outlets too. Horrible. If a student hadn’t approached me I still would not know and my website is through Word Press and Go Daddy. I called an IT person told me what to do, Ive completed everything and they told me i could take up to 72 hours to get it all cleared up. Awful how you handled this Google. I don’t know how many clients I’ve lost.
I’m sorry to hear that, Rene.
However, its not just SSL that led to this. The lack of monitoring, malware scanning, DDoS protection, backups etc has made your website vulnerable to hackers. It’s okay if you don’t know much about this. It’s the duty of your web hosting service to take complete care of the site. We’ve sent an email with possible solutions.
If you’ve got the required expert support, let me know how your website’s doing now. And if you’re still struggling, you can talk to us at any time.
Hello Sahil Chugh, you state it is the duty of the web hosting service to take care of the site. I prepay Go Daddy for the domain and hosting and now the SSL Certificate. I have had to change my E-mail password numerous times based on they told me I had malware and or spoofing however: I got Geek Squad on my computer for an hour and a half no malware and or virus and my concern that the E-mail problems I am having is their problem not mine. Another thing someone told me our website could have malware too and mentioned word press how do we get that checked out? Thank You
This is a service Google should already provide. If they force people to buy SSL, and they get hacked, then Google and all the certificate providers can be open to litigation to anyone with the money to sue them for failure to provide the “security” they say was have to buy to quit “scaring” people.
Hi Mith,
Google already have SSL on their services whether its gmail or analytics or any other service they offer, Its just asking other service providers to do the same for their users to protect them and they are not forcing anybody to follow this, its just that they are gonna show their users(Google Chrome users) not secure warning if any of them visit a site without SSL and its upto the user whether it wants to be on that site or not.
Do all sites need this much security? This becomes something of a question for sites who don’t take payments or have much in personal data to expose. Google will effectively brow beat every site into https simply because they will eventually wave a red flag in every users face that this site is bad. Lot of the world still is in past with a OS or browser. I’ve already seen Chrome users testing Canary beta complain about broken bank sites and other sites. Yes, you can explain all day long to a user its the sites problem not the browser. But personally, the browser is support the web not the other way around.
I agree, but think about this scenario, you are a website admin and you are on a public network, you try to log into backend of your website let say wp-admin, your user name and password are going to be sent to the server in plain text if your site is on http which makes you vulnerable to man in the middle attack, So https is not only helpful for end user but for site admins also and in the end its totally up to you whether you want a site on http or https.
If your site has no user logins and does not take credit card into but does have PDFs that can be downloaded, would SSL be needed to prevent a 3rd party from intercepting the download and substituting a malicious file?
Hi Diane,
yes it could happen.
It’s more than a ranking factor – I’ve baulked at proceeding to website when I have gotten a “This site is not secure” warning…
Ditto too when the error message is this site certificate is not properly configured.
It scares the pants of grandma when she’s surfing!
Thanks for this Tarun – I’ve linked to this too.
I totally agree Karl, and Google has confirmed also that beginning in July 2018, with the launch of Google Chrome 68, all websites on HTTP will be clearly marked as “not secure”.
Not really sure how its a big deal for “some guy with a blog”. Or “collection of recipes”.
It makes having a website more costly and complicated than it should.
Unless you have some kind of login, private info or financial transactions, HTTPS should still be optional rather than getting punished for not having it
Hi Matt,
Free SSL certificates by Letsencrypt are also an option for small websites that won’t want to spend money on purchasing SSL.
I have two business websites that are purely informational. There are no transactions and customers can only read info published to the page. There is no bona fide need for SSL and this infuriates me because it’s a scam to get more money!
Hi Doug,
Free SSL certificates by Letsencrypt are also an option for small websites that won’t want to spend money on purchasing SSL.
hello sahil how i get free ssl cirtificate? i search every where but i could not get the link to regestired. can u guide me….
Hi Parvez
Free SSL is provided by Let’s Encyrpt. Here’s a step-wise guide to installation: https://serverguy.com/security/how-to-install-ssl-certificate-guide/
Hope this helps. Let me know if you’ve further question.
Still have to keep installing them every 3 months. And it breaks the website for users using TLS 1.0 (older computers, earlier smart phones, most non-smart phones) as lets encrypt no longer supports TLS 1.0.
Lets say your car breaks down. You only have a dumbphone with basic internet on it. You try to look up the phone number of your mechanic, but the websites just take forever to load and then tell you that “Cannot communicate securely with peer: no common encryption algorithm(s).” like I care at this point that someone is in the middle stealing the list of phone numbers for repair facilities.
Regardless, Doug’s time is not free.
Of course our google overlords don’t care much about that factor. “Bow down – wait – you aren’t low enough yet. We will make up so more stupid crap to waste your time and dreg down your small business for all of our big business oligopolistic buddies.
What? you don’t want to hire a computer person to make sure cert actually works on all pages and existing links?
what? you don’t want to hire an SM idiot to hang out online for you so you don’t have to become brain dead yourself from the constant disruption to your thought process (pertaining to what you actually do for a living) and to avoid the brain cell frying radiation of the so-called harmless microwave phone you now must always have on person as ‘cost of doing business’? You think you gonna be a small biz in 20–? blah haha ahhahaha”
Agree. It is a scam to get money. Google is strong-arming people with websites to get the SSL. I run about 40 websites and having to get SSL on all of them is costly. Google sucks.
Yes Matt sometimes stuff comes down that may not make sense to us but it’s happening anyways. It reminds me of Google KW tool. Years ago it gave us limitless power and data. Now if you’re not seriously using adwords the data is limited. Having an opinion on this is really irrelevant. It’s happened and we need to adjust.
Unnecessary encryption slows everything down. I’m sick of the world wide wait. How about developing a new protocol for website that doesn’t allow cookies and doesn’t need to be secure?
no, not in 2018. black hats can perform man in the middle attack’s, so unless you want your end users thinking you’re the one who wrote “i’m the webadmin of this website and i’m a dumbass!”
HTTPS will be everywhere soon but right now it’s not just a way to protect your clients but a real advantage over competitors.
It’s more than that, SSL/HTTPS is also a Google ranking factor. Not to mention it doesn’t look good when there’s a “not secure” tag next to your URL.
Hasn’t done my ranking any good.
Hi Neil,
It could be something else. Google determines the ranking of the website with many factors including content on your site, backlinks etc. Do an SEO audit of your website and see if there’s anything wrong.
sorry for the very basic question but my web dev guy who freelances on the side mentioned this to me, however he told me the fee would be….
Secure Socket Layer (SSL) certificate for data encryption (wildcard h*tps://*.website.com)
Cost: $650/year
Installation of SSL certification on site and redirect all users to the secure URL https
Cost: $200
is this a fair fee?
It’s a ploy to make more money for Google first, other host servers second.
If you own a personal website with no visitor login, no digitally sold downloads etc., you’re being pushed towards https:// because it’s a ploy to make money.
I has one file for remote desktop help that needs to be downloaded. Is that file at risk of being downloaded and then hacked, then reuploaded to my site? NO, it does not have that risk factor. EVEN if it did I replace that file often via FTP – just to be safe.
Unless you run an e-commerce site I believe https:// to be unncessary. I don’t use Google Chrome because of Google’s propensity to push the world in the direction they want us to go.
I love Google’s search engine, wouldn’t use anyone elses. But as a Browser and being warned that a site I have visited in the past is now “unsecure”. Nah, I’m not worried.
Should commericial sites or membership sites have https:// Absolutely!
It seems to me that Google has found a new way to make more money… I am sure they collect their cut from the hosting companies. Why not provide SSL by default with all hosting plans ? Looks like a scam to me, but we have no choice. Google is drunk with power, unfortunately, so I do not think this is to help the consumer, but rather to make more money or they flag your website as unsafe.
You can go to SSLforfree.com and get secured for free. Do it manually. It’s a simple process.
Thank you SO much!
Agree