Welcome to WebmasterWorld Guest from 23.20.65.255

Forum Moderators: phranque

Featured Home Page Discussion

What will happen if I don't switch to HTTPS?

possible downside of non-secure pages

     
12:23 am on Feb 18, 2017 (gmt 0)

Moderator from US 

WebmasterWorld Administrator keyplyr is a WebmasterWorld Top Contributor of All Time 10+ Year Member Top Contributors Of The Month

joined:Sept 26, 2001
posts:8002
votes: 284


Many site owners are still deciding if or when they will follow the new SSL standard of using a security certificate and switching to HTTPS.


Possible downside of not switching to HTTPS*

• Visitors may start to decline. As discussions about secure web sites become more popular, visitors may avoid non-secure web sites.

• Browsers are still transitioning but the warnings will get more explicit for ALL pages, not just Credit Card or forms. These warnings may further scare off visitors.

• Google has made statements that secure sites will gain advantage in mobile & desktop SERP. HTTPS is already being displayed for secure sites. Bing & other Search Engines will surely follow.

• Eventually, non-secure websites may be considered unsafe to users and purged from SERP altogether.

• Browser support for HTTP/2 protocol is only for HTTPS websites. This protocol greatly speeds up page loads. If your site is not secure, you will not benefit.

*Possible scenarios, no one knows for sure.
10:05 am on Feb 18, 2017 (gmt 0)

Senior Member from LK 

WebmasterWorld Senior Member 10+ Year Member Top Contributors Of The Month

joined:Nov 16, 2005
posts:2626
votes: 75


The thing is are you really considering never switching? It is becoming easier and easier to switch, so you simply wait until it becomes painless, or until one of the above happens that is unaceptable to you.
3:07 pm on Feb 18, 2017 (gmt 0)

Preferred Member

Top Contributors Of The Month

joined:Sept 12, 2014
posts:377
votes: 64


I always wait. The cutting edge tends to get #*$! and i am over it. Not long ago i was told by all the experts that i had to set up authorship or my site would disappear. I will wait until my tablet stops telling me i can not get into https sites from https google due to lack of a secure connection.
5:22 pm on Feb 18, 2017 (gmt 0)

Senior Member from US 

WebmasterWorld Senior Member lucy24 is a WebmasterWorld Top Contributor of All Time 5+ Year Member Top Contributors Of The Month

joined:Apr 9, 2011
posts:13599
votes: 412


Someone has to be first, but it doesn't have to be me. Couple decades back, someone had to buy those early CD burners that cost $999, or the price would never have dropped down to $99 (and, still later, to effectively nothing).

I suppose eventually https will be the standard, and the only people with http connections will be the ones running their own little server out of their garage.
5:43 pm on Feb 18, 2017 (gmt 0)

Full Member

Top Contributors Of The Month

joined:Nov 13, 2016
posts: 348
votes: 49


>> the only people with http connections will be the ones running their own little server out of their garage. <<

I think it's easier to run a site in HTTPS if you run your own server even from your garage, than if you have to rely on your webhost to activate something on their side.
5:54 pm on Feb 18, 2017 (gmt 0)

Senior Member

WebmasterWorld Senior Member 10+ Year Member Top Contributors Of The Month

joined:Feb 12, 2006
posts:2595
votes: 67


if google flashes up scary warnings for half the sites in their SERPs then two things will happen: visitors won't visit the sites, and they'll think that google's SERPs are totally rubbish, and sending them to unsafe sites (they don't know the background behind http and https -- all they know is they're seeing a big scary unsafe button every time they click one of google's link in the SERPs).

that's why i don't think the warnings will spread as far as some people are suggesting.
i'm sure they'll stick them on http pages with password fields, etc, but they won't put them on plain pages.
that will just make google look bad in the eyes of the uneducated public, and they won't want that.

purging perfectly safe sites from the SERPs just because of this is daft. all that will do is make their SERPs worse. so they won't do that either.

...but having said that, I know we'll probably all end up doing it anyway.
7:13 pm on Feb 18, 2017 (gmt 0)

Moderator from US 

WebmasterWorld Administrator keyplyr is a WebmasterWorld Top Contributor of All Time 10+ Year Member Top Contributors Of The Month

joined:Sept 26, 2001
posts:8002
votes: 284


I suppose eventually https will be the standard
It is now the standard as indicated by all the major browsers.

i don't think the warnings will spread as far as some people are suggesting.
i'm sure they'll stick them on http pages with password fields, etc, but they won't put them on plain pages.
The browser warnings are now live for all pages including plain pages.
8:32 pm on Feb 18, 2017 (gmt 0)

Senior Member

WebmasterWorld Senior Member 10+ Year Member Top Contributors Of The Month

joined:Feb 12, 2006
posts:2595
votes: 67


Warnings imply something that people actually notice. Those aren't warnings. At least, not the little info circles that I have seen on chrome and Firefox
8:47 pm on Feb 18, 2017 (gmt 0)

Moderator from US 

WebmasterWorld Administrator keyplyr is a WebmasterWorld Top Contributor of All Time 10+ Year Member Top Contributors Of The Month

joined:Sept 26, 2001
posts:8002
votes: 284


Warnings imply something that people actually notice. Those aren't warnings. At least, not the little info circles that I have seen on chrome and Firefox
Again, the browsers are in transition. The icons currently being displayed will likely change to more explicit warnings. Google has been pretty clear about this.

Also, Firefox is not used by the average person. Most people use Chrome, Safari & IE/Edge. Check your pages in Chrome56 for an up-to-date display of what users see on your page.
9:56 pm on Feb 18, 2017 (gmt 0)

Senior Member from US 

WebmasterWorld Senior Member lucy24 is a WebmasterWorld Top Contributor of All Time 5+ Year Member Top Contributors Of The Month

joined:Apr 9, 2011
posts:13599
votes: 412


the little info circles

It isn't the little info circle, it's the adjoining icon. (Assuming you haven't set your monitor to grayscale, which some people have to do for accessibility reasons.) If you glance up at your address bar and see something with a red slash through it, while other sites showed a reassuring green, you're bound to think something is not right.
12:18 am on Feb 19, 2017 (gmt 0)

Senior Member

WebmasterWorld Senior Member aristotle is a WebmasterWorld Top Contributor of All Time 5+ Year Member Top Contributors Of The Month

joined:Aug 4, 2008
posts:3101
votes: 210


Maybe I'll do it eventually, but I don't see any good reason to do it now.

By the way, google gave blogspot users the option to switch to https, but the vast majority haven't done so. What's google going to do about that?
12:40 am on Feb 19, 2017 (gmt 0)

Senior Member

WebmasterWorld Senior Member farmboy is a WebmasterWorld Top Contributor of All Time 10+ Year Member Top Contributors Of The Month

joined:Nov 6, 2005
posts: 2785
votes: 22


This is somewhat of a FWIW remark, but I remember a discussion here on Webmaster World way back in the last century when someone declared "email is dead".

FarmBoy
12:52 am on Feb 19, 2017 (gmt 0)

Moderator from US 

WebmasterWorld Administrator keyplyr is a WebmasterWorld Top Contributor of All Time 10+ Year Member Top Contributors Of The Month

joined:Sept 26, 2001
posts:8002
votes: 284


@FarmBoy - let's try to stay on topic :)
4:10 am on Feb 19, 2017 (gmt 0)

Senior Member from US 

WebmasterWorld Senior Member lucy24 is a WebmasterWorld Top Contributor of All Time 5+ Year Member Top Contributors Of The Month

joined:Apr 9, 2011
posts:13599
votes: 412


I think it was meant as an analogy.
4:24 am on Feb 19, 2017 (gmt 0)

Senior Member

WebmasterWorld Senior Member farmboy is a WebmasterWorld Top Contributor of All Time 10+ Year Member Top Contributors Of The Month

joined:Nov 6, 2005
posts: 2785
votes: 22


I think it was meant as an analogy.


It was.

Not only do I qualify as a rookie in the webmaster world, but obviously in the humor world also.

The point was, years ago email was declared dead, yet it sure seems to be alive and kicking today in a lot of different ways. Time well tell what the "https or not" world looks like a few years from now.

On that point, is anyone aware of a hosting service only offering to help someone put up a new site and only offering https? What I have seen as of now makes me think they are interested in selling https whatever to new customers, not in pointing out that it's coming soon, pay for this train now or get ran over tomorrow.

But who knows, that could change tomorrow.

FarmBoy
4:36 am on Feb 19, 2017 (gmt 0)

Moderator from US 

WebmasterWorld Administrator keyplyr is a WebmasterWorld Top Contributor of All Time 10+ Year Member Top Contributors Of The Month

joined:Sept 26, 2001
posts:8002
votes: 284


What I have seen as of now makes me think they are interested in selling https whatever to new customers
There 's no charge to change your protocol to HTTPS. Most hosts also will install a free security certificate like Lets Encrypt [letsencrypt.org] which works great (I use one myself.)

BTW - I use HTTPS email.
11:29 am on Feb 19, 2017 (gmt 0)

Senior Member from NL 

WebmasterWorld Senior Member 10+ Year Member Top Contributors Of The Month

joined:Sept 25, 2005
posts:1384
votes: 158


The cutting edge tends to get #*$! and i am over it.

HTTPS was created in 1994, though. Hardly cutting edge ;-)

By now I've secured all my connections, including HTTP as well as FTP, POP3/IMAP and SMTP. For HTTPS, HTTP/2 was a big motivator [http2.golang.org], but I also rest easier knowing all traffic is encrypted. Plus, I find it all rather interesting; it's a learning experience.

One downside of not switching to HTTPS now is that you'll probably have to do it later.
12:32 pm on Feb 19, 2017 (gmt 0)

Moderator from US 

WebmasterWorld Administrator keyplyr is a WebmasterWorld Top Contributor of All Time 10+ Year Member Top Contributors Of The Month

joined:Sept 26, 2001
posts:8002
votes: 284


@Robozilla - that golang.org link is great.
10:32 am on Feb 20, 2017 (gmt 0)

Moderator from US 

WebmasterWorld Administrator keyplyr is a WebmasterWorld Top Contributor of All Time 10+ Year Member Top Contributors Of The Month

joined:Sept 26, 2001
posts:8002
votes: 284


By now I've secured all my connections... as well as FTP
I've been using SFTP (secure ftp) for several years. It was the first time I considered eavesdropping and the vulnerability of unsecure connections.
11:15 am on Feb 20, 2017 (gmt 0)

Full Member

Top Contributors Of The Month

joined:Nov 13, 2016
posts: 348
votes: 49


Also, do not underestimate the paranoia of people. By hearing all the time about hacking, spying, NSA, Russian, identity thief, etc… even if people do not understand what HTTPS is exactly (beside logging to their bank account), they might start running away from non HTTPS for non rational reason. Also, when Google repeats over and over how they contribute to make the web safer (which is partially a marketing argument too), this will contribute to convince people that HTTPS site are safer for them, their family and pets.
1:46 am on Feb 21, 2017 (gmt 0)

Full Member from US 

10+ Year Member

joined:Apr 11, 2006
posts:213
votes: 15


By the way, google gave blogspot users the option to switch to https, but the vast majority haven't done so. What's google going to do about that?


You get an annoying nag every time you attempt to post a non-https URL:

"This page contains HTTP resources which may cause mixed content affecting security and user experience if blog is viewed over HTTPS."

I guess they expect you to just delete any non-https URL, but I just dismiss the nag.
2:10 am on Feb 21, 2017 (gmt 0)

Moderator from US 

WebmasterWorld Administrator keyplyr is a WebmasterWorld Top Contributor of All Time 10+ Year Member Top Contributors Of The Month

joined:Sept 26, 2001
posts:8002
votes: 284


I guess they expect you to just delete any non-https URL
or add an "s" to the end of HTTP. However, not all URLs will support the "s"

Must be an extra challenge for discussion forums where members are free to post links.
2:19 am on Feb 21, 2017 (gmt 0)

Senior Member

WebmasterWorld Senior Member aristotle is a WebmasterWorld Top Contributor of All Time 5+ Year Member Top Contributors Of The Month

joined:Aug 4, 2008
posts:3101
votes: 210


Must be an extra challenge for discussion forums where members are free to post links.

I don't understand what challenge you're referring to. People should still be able to post a link to any other site regardless of whether it's http or https.
3:02 am on Feb 21, 2017 (gmt 0)

Moderator from US 

WebmasterWorld Administrator keyplyr is a WebmasterWorld Top Contributor of All Time 10+ Year Member Top Contributors Of The Month

joined:Sept 26, 2001
posts:8002
votes: 284


I don't understand what challenge you're referring to. People should still be able to post a link to any other site regardless of whether it's http or https.
Agreed, you should be able to post both type links.

This was according to super70s...
You get an annoying nag every time you attempt to post a non-https URL
He may be referring to images or other on-page resources.
7:08 am on Feb 21, 2017 (gmt 0)

New User

5+ Year Member Top Contributors Of The Month

joined:Nov 4, 2008
posts: 22
votes: 0


i know that SSL is a ranking signal, but is there a noticeable ranking increase when switching to SSL?

can the ranking difference be observed in the traffic? or is it undetectable?
8:06 am on Feb 21, 2017 (gmt 0)

Moderator from US 

WebmasterWorld Administrator keyplyr is a WebmasterWorld Top Contributor of All Time 10+ Year Member Top Contributors Of The Month

joined:Sept 26, 2001
posts:8002
votes: 284


is there a noticeable ranking increase when switching to SSL?
I don't think so, at least not yet. Remember, this change is still in transition. There may be an index update in the future where we see an obvious ranking advantage, or more likely a disadvantage for unsecure sites.

However you may see a traffic increase as things move forward. People will trust HTTPS sites more & more.
10:39 am on Feb 21, 2017 (gmt 0)

Senior Member

WebmasterWorld Senior Member 5+ Year Member Top Contributors Of The Month

joined:July 29, 2007
posts:1756
votes: 84


Google can't show warnings if there are too many non-https sites or they will scare visitors in general. They can downgrade the rankings of non-https sites but if they downgrade a page ONLY because it is not HTTPS they effectively downgrade the quality of their own index. Some sites are plain html with no database that do not sell items, accept personal information or have a login system at all so it would be really dumb to kick them out too.

Basically Google has to decide when "this is good enough" and take the plunge... but until then you can hold off and, hopefully, find a better deal. Https is, in some cases, 10x more expensive than the domain alone.
10:43 am on Feb 21, 2017 (gmt 0)

Full Member

Top Contributors Of The Month

joined:Nov 13, 2016
posts: 348
votes: 49


Today, it became free to switch to HTTPS, so it's not a matter of spending more money. It's easier to switch to HTTPS than making a site mobile-friendly.
10:50 am on Feb 21, 2017 (gmt 0)

Administrator

WebmasterWorld Administrator phranque is a WebmasterWorld Top Contributor of All Time 10+ Year Member Top Contributors Of The Month

joined:Aug 10, 2004
posts:10809
votes: 53


He may be referring to images or other on-page resources.


"This page contains HTTP resources which may cause mixed content affecting security and user experience if blog is viewed over HTTPS."

I guess they expect you to just delete any non-https URL, but I just dismiss the nag.


i would assume that's a low level warning message which would result from, for example, hotlinking to a non-https: image from a blogger post.
they expect you to serve all external resources on your page using secure protocol.
11:30 am on Feb 21, 2017 (gmt 0)

Moderator from US 

WebmasterWorld Administrator keyplyr is a WebmasterWorld Top Contributor of All Time 10+ Year Member Top Contributors Of The Month

joined:Sept 26, 2001
posts:8002
votes: 284


Google can't show warnings if...
The browsers show the warnings. I've not seen anything official that Google (Google's index or SERP) will show a warning. Google & Bing SERP currently do display if a site is HTTPS though.

Https is, in some cases, 10x more expensive than the domain alone.
That is not a true statement. HTTPS has nothing to do with how expensive a domain is. Using HTTPS costs nothing. It's a protocol used by the browser to talk to the server.

Certificates do cost a nominal yearly fee, but there are free certs that work well for most sites, example Lets Encrypt [letsencrypt.org]
This 166 message thread spans 6 pages: 166