Google has been actively endorsing SSL certification since 2014. In their official webmasters blog titled, “HTTPS as a ranking signal”, which was published in August 2014, they had recommended HTTPS encryption for all. The blog also states that, “Security is a top priority for Google. We invest a lot in making sure that our services use industry-leading security, like strong HTTPS encryption by default…”, adding further that, “For these reasons, over the past few months we’ve been running tests taking into account whether sites use secure, encrypted connections as a signal in our search ranking algorithms…” This made it clear that websites with SSL certificate will have an advantage for SEO ranking. In 2015, Google’s Gary Illes made a statement that “HTTPS May Break Ties Between Two Equal Search Results” This pushed a lot of digital marketers towards SSL products and towards switching form HTTP to HTTPS.
Again in 2016, Google announced that “Beginning in January 2017 (Chrome 56), we’ll mark HTTP pages that collect passwords or credit cards as non-secure, as part of a long-term plan to mark all HTTP sites as non-secure”. This essentially means if your website does not have SSL certificate installed, Chrome users will get a notification that they are on a “non-secure” website – this can negatively impact your business and customer perception. According to Google, “A substantial portion of web traffic has transitioned to HTTPS so far, and HTTPS usage is consistently increasing. We recently hit a milestone with more than half of Chrome desktop page loads now served over HTTPS. In addition, since the time we released our HTTPS report in February, 12 more of the top 100 websites have changed their serving default from HTTP to HTTPS.” This can be validated by looking at of 2017, a growing number of websites are SSL validated and are winning their customers’ trust. Many examples of websites that moved have noticed that their keyword ranking and their overall page visibility has increased significantly. It is thus evident that 2017 will be the year of HTTPS and SSL certifications. SSL certificates have managed to change the internet forever.
Google terming a website “not secure” does not necessary mean the site is blocked but it will certainly put a question mark in the users mind if they should be viewing this site or should they exchange any information either with the site or through the site. Chances are the user may plainly prefer to avoid using these sites. This makes it imperative for organizations or websites to have the SSL certificate to conduct business and maintain consumer trust.
Popular open-source Content Managements Systems (CMS) like Word Press also wants websites to move towards SSL. In their blog dated December 2016, they have clearly stated that, “First, early in 2017, we will only promote hosting partners that provide a SSL certificate by default in their accounts. Later we will begin to assess which features, such as API authentication, would benefit the most from SSL and make them only enabled when SSL is there”. Other popular CMS may also follow suit making it absolutely necessary for website to get SSL validation.
Many theories also suggest that not all users pay attention to the lock on their chrome bar and proceed browsing the website that has been flagged unsafe by Chrome. Moreover, it is just chrome that is tagging an HTTP site as unsafe other browsers do not have any such restrictions. Chances are that in the near future they will follow suit and may even block websites. Sooner or later websites will have to migrate to a HTTPS website or get the SSL certificate.