For the past several years Google has tried to encourage everyone to make their websites more secure. Any site that switched from http to https got a small boost in their search engine ranking.
That hasn’t had much impact (I know of dozens of site owners who did not think this was an important issue), so now Google is swapping the carrot for the stick.
Starting in July 2018 Chrome is going to start throwing up red flags whenever a user visits any webpage starting with http instead of https.
This change is coming with the release of Chrome 68, and it’s going to affect every website that has a contact form or a comment section, as well as websites that simply collect emails for a newsletter.
But the thing is, Google isn’t going to be telling website owners that their sites may have a problem; instead, Google is going to be telling users.
Anyone who visits those sites will see a “Not Secure” warning in their address bar when they are on a page with that contact form, comment section, etc.
So if you have a website that has yet to switch to https, in a few short weeks you are going to have people sending you emails expressing concern because Chrome said your site is insecure.
So what does this mean for you?
That really depends on where your website is hosted.
If your site is on Blogger, Squarespace, or WordPress.com, you can take it easy. You either have https already, or it can be enabled with minimal hassle.
But if your site is hosted elsewhere, we’re going to need to look into what it will take.
I’m not playing coy; there are thousands of hosting companies, and each has their own quirks, technical requirements, and unique solutions.
Siteground, for example, lets you add https to a site on its servers simply by clicking the appropriate checkbox in the account admin pages (it cost my client nothing). And as I recall Bluehost was relatively simple, while my hosting company, on the other hand, charges a small annual fee (and did all the work for me).
If you are just looking into this issue now, I can help.
I have helped a couple sites switch to https, including my blog and this site. I have learned the hard way that any instructions that hosting companies will give you will be incomplete (they never tell you everything).
For example, if you use Google Analytics or Google Search Console you will need to change several settings in those services after you switch to https. Also, if you value your social media share counts then you may want to take steps to get credit for the shares that credit the old http version of the site.
And most instructions on this topic leave out the important detail that existing sites will need to force all their content (such as images) to use HTTPS, otherwise the pages and posts you published last week, last month, or last year will not be completely secure. On WordPress sites this can usually be solved with a plugin like SSL Insecure Content Fixer (this one worked on every site I’ve tried).
Please do let me know if I can help you further.