Google has long been in the business of using incentives and disincentives to bribe websites into conforming to Google's vision for the web. 2018 looks to be the year that a secure web moves to the top of Google's list of priorities.
Account hacking and data breaches are an enormous problem with long range consequences for internet users and companies of all sizes. Online payment gateways and contact forms are weak links that hackers target on HTTP domains, and both personal and financial data are at continuous risk. Google wants to make sure that users' security is protected, and the way in which they intend to accomplish this goal is to crack down on companies with web domains that still use the HTTP protocol.
The HTTPS protocol, the modern version of the HTTP protocol, is more secure, establishing an encrypted connection between a server and a web browser that ensures the third parties cannot interfere with data transfers. In order to have an HTTPS domain, companies must incorporate an SSL certificate. When users land on pages that do not have SSL certificates Google will send them a notification of the page's lack of security. Google believes these alerts will impact users perception of safety and the trust they have in the websites they access - which will impact traffic to any outdated sites. Google intends to lower SERP rankings for sites with HTTP domains as well.
Chrome v62 has already begun to prioritize HTTPS domains over HTTP ones. For over a year now, since the release of Chrome v56, Google has been marking pages as insecure under certain circumstances: HTTP pages that have password or credit card fields, for example. The goal is to eventually mark all HTTP pages as insecure, displaying a "Not secure" warning to the user when they try to access those pages and gradually broadening the criteria that trigger that warning.
What do companies with outdated domains need to do? First they must check that their sites have dedicated IP addresses. Some cheaper hosting options will assign shared IP addresses that are far less secure. With a dedicated IP address, a site will be able to purchase an SSL certificate. The SSL certificate assigns identification to the website. Certificates can be purchased from a number of SSL service providers; however, as of last September, Google made the decision to stop trusting Symantec issued SSL/TLS certs. Once the website has a certificate, the next steps are activation and website updating.
Recent SEO research has found that "the more popular the key-words are, the more likely it is that the top positions will be occupied by HTTPS domains." In the low-volume keyword arena, far fewer companies had HTTPS domains, so the companies that do invest in domain security have an SEO edge there too. Companies looking to optimize their page rankings for high-volume keywords and maintaining the trust they have built with their customers or audience must have an HTTPS domain in 2018.
If your website is outdated in terms of protocol or any other factor and it is impacting your search rankings and website traffic, call Corporate Conversions. We would be happy to be of help with any website issue you have.