turbin3
BuSo Pro
- Joined
- Oct 9, 2014
- Messages
- 613
- Likes
- 1,287
- Degree
- 3
According to Google Search Console today:
Although this may not necessarily apply to all HTTP pages, it appears at a minimum any pages with HTML input fields and forms will likely apply to this. Considering most sites have these, probably best to start making your plans to migrate to TLS-only for your sites. Also, if you're still on the fence, consider this clear statement from them as well:
For new sites that are still in the planning stages, I would pretty much always do TLS-only from this point on. The great thing is, with organizations like Let's Encrypt, the barrier to entry for TLS has been substantially reduced. Worst case, with a little bit of elbow grease (really just a few commands on your CLI, and a bit of copy/pasting plus some redirects), you can acquire a FREE TLS certificate through Let's Encrypt. With a bit of extra elbow grease on top of that, it's not difficult to do things like setting up a cron job to renew your certificates before they expire, automating the process for you.
The great thing is, it appears changing over and redirecting to TLS is not quite as much of an issue as it once was. I'll try to post some pics tonight or this weekend based on some recent results I've seen. Thanks to SERPWoo, tracking several domains changing over to TLS-only, I noticed the new TLS versions of ranking pages already appear in the rankings as fast as the same day, and in many cases within just 1-2 days! Pretty cool. On top of that, for a number of SERPs, I noticed a 10-30% improvement in rank. This is within the theoretical minimum 90 day window of ranking manipulation by Google based on page changes, so the results are still suspect for a few months. That said, promising results compared to the horror stories from even just a year or two ago.
Starting October 2017, Chrome (version 62) will show a “NOT SECURE” warning when users enter text in a form on an HTTP page, and for all HTTP pages in Incognito mode.
Although this may not necessarily apply to all HTTP pages, it appears at a minimum any pages with HTML input fields and forms will likely apply to this. Considering most sites have these, probably best to start making your plans to migrate to TLS-only for your sites. Also, if you're still on the fence, consider this clear statement from them as well:
Although I think it's important not to be so heavily-focused on Google alone as the primary traffic source, to the point where we jump immediately at their every command, this does highlight the importance of site security and taking worthwhile steps to improve yours.The new warning is part of a long term plan to mark all pages served over HTTP as “not secure”.
For new sites that are still in the planning stages, I would pretty much always do TLS-only from this point on. The great thing is, with organizations like Let's Encrypt, the barrier to entry for TLS has been substantially reduced. Worst case, with a little bit of elbow grease (really just a few commands on your CLI, and a bit of copy/pasting plus some redirects), you can acquire a FREE TLS certificate through Let's Encrypt. With a bit of extra elbow grease on top of that, it's not difficult to do things like setting up a cron job to renew your certificates before they expire, automating the process for you.
The great thing is, it appears changing over and redirecting to TLS is not quite as much of an issue as it once was. I'll try to post some pics tonight or this weekend based on some recent results I've seen. Thanks to SERPWoo, tracking several domains changing over to TLS-only, I noticed the new TLS versions of ranking pages already appear in the rankings as fast as the same day, and in many cases within just 1-2 days! Pretty cool. On top of that, for a number of SERPs, I noticed a 10-30% improvement in rank. This is within the theoretical minimum 90 day window of ranking manipulation by Google based on page changes, so the results are still suspect for a few months. That said, promising results compared to the horror stories from even just a year or two ago.