Last year, Google made a statement that they will be moving towards being proactive on a more secure web. Taking measures by marking sites that are “not secure” in their Chrome browser as such will hopefully lead an initiative to secure your site.

Sites won’t just be marked when a user visits them. Google stated that sites with an SSL (Secure Sockets Layer) or TSL (Transport Layer Security) certificate will rank better in searches back in 2014.

What Does it Mean to Be Secured?

When browsing an unsecured site, everything you look at can be seen by anyone on that network. The pages you view, articles you read, and even what you type into forms.

How about forms that require you to type in sensitive data such as your name, address, or even credit card information? This is exactly why your URL changes in Google Chrome when typing into a form currently.

If someone can gain access to the network, they can now spy and gather sensitive information on you. If you think “hacking” is hard to do then you haven’t read “15 Vulnerable Sites to Practice Your Hacking Skills”. Just about anyone with a little JavaScript knowledge can gain access to unsecured apps and sites.

How Can I Tell if My Site Isn’t Secure?

If you’re using Google Chrome, up in the top left hand corner by the URL in your browser, you should see a green lock with the word “secure” next to it.

Additionally, the HTTP characters before it will read “HTTPS”, with the ‘s’ at the end. If you look up at the URL right now, you will see Evergrow is marked as a secure site (you’re welcome).

So What Does It Look Like if It Isn’t Secure?

Simply like this:

Example of Not Secure

Instead of the green lock and word “secure” next to your site name, you’ll just get a dull, black, circled exclamation point. However, it is Google’s intentions to start warning users in a much more noticeable way in coming months. This is simply one of the first steps.

From January to October of 2017, Google had marked pages with the exclamation point. Once October hit, they started including it in two more places and made it more prominent to users that the site was not secure.

The first is when you start filling out a form. The secure label to the left of the URL will change and the added words “Not Secure” will appear to the left.

The second place is while in Incognito mode.

If you aren’t familiar with Incognito mode, allow me to explain.

It’s a window you can open that doesn’t store or report history, cookies, or any kind of data. Google feels it was the right move to make the mark on Incognito windows. This is due to the level of privacy these users already wish to have.

See the examples below:

Example of unsecured site when for is filled in incognito mode

As of right now, Incognito mode will always display a “Not secure” warning before the URL. An unsecured website opened in a standard tab will only display the exclamation point. Once data is entered in a field on the site, the “Not secured” words pop up.

The field could be a search bar or even a form.

The gif below illustrates how this works.

A site being marked unsecured when data is input

But Wait, There’s More…

Google’s not playing around with unsecured sites. As mentioned above, they’re not just warning users they’re on an unsecured site.

They’re ranking your site lower in their search engines than your secured competitors.

See more on SEO: What is SEO?

Back in 2014, Google made note that they want to move toward a more secure web. The first step in doing this was bolstering the search rankings of secured sites by including it in their algorithm.

Although this only affects 1% of global search query rankings. Google expressed they may have plans to strengthen the signal of this ranking factor. The minor change over 3 years ago was simply to give webmasters time to switch their site over.

You can read it all from Google here.

Side note: It’s been 3 years. You should make the switch ASAP.

Currently, Google uses over 200 ranking signals every time a search is conducted. This just being one of them.

If you’re interested, backlinking is argued to be the number one ranking signal.

How Do I Make My Site Secure?

This is actually pretty simple. All you have to do is go through whomever hosts your website and get an SSL/TSL certificate for your site.

If you host your website through a hosting service such as GoDaddy, you can get an SSL for your site for $59.99 for the first year, so an additional $5/mo. Otherwise a lot of website platforms, like Wix, provide an SSL if you host with them.

See 13 reasons why you need a website today!

It’s important to remember that getting an SSL certificate for your site will change your website URL. It will change it from “http://” to “https://”.

Since your website URL changes, you will need to set up a 301 redirect from your old site to the new URL.

Uh, what?

A 301 redirect is simply a protocol that tells any link read as one thing to redirect to another URL. This is common when companies change their name or purchase other businesses. Instead of sending users to a website that no longer exists, old users that type in the old site address will get redirected to the new address.

To learn how to do this, you can check out GoDaddy’s instructions. Or if you have a WordPress site, here is an easy guide as well.

A Secure Site Doesn’t Mean a Safe Site

Although the steps Google is taking isn’t going to prevent phishing sites from populating the internet, it is a step in the right direction. But that didn’t stop phishing and scam sites. After the announcements of these sites started obtaining SSL/TSL certificates.

For example, a lot of sites will create domains very similar to a large company’s and even register it with an SSL. These sites are designed to scam and take your information. This exact thing actually happened to Apple not too long ago.

Extra Security – EV SSL

For those larger companies, there is something called an EV SSL (Extended Validation Secure Sockets Layer).

This is something larger eCommerce businesses should invest in. Since customers are giving credit card information online and expecting to buy, they want to know the site they are on is legitimate.

The process of acquiring an EV SSL is a bit more extensive and requires full organizational authorization. In other words, you can’t just get an EV SSL upon purchasing your domain.

For an example, you can take a look at Apple’s site, which has the extra security.

Example of EV SSL on Apple's site

Notice how it doesn’t say “secure” as it does on a site with a standard SSL. It now has the name of the company and country of origin. This is to let users know they are on the correct site owned by Apple.


So what now? Google ranks unsecured sites lower and notifies users about not being secured. It’s clear to see that the next step you need to take is to get an SSL certificate for your domain.

Not just to secure your site, but also for your on-site SEO.

It’s easy to do, inexpensive, and not having a certificate will have a lot more negative consequences in months to come.