Google Web Security

Google Security Update

In recent weeks, your site may have received a security alert in Search Console, with some terms like HTTP, input, and others that, unless you're a programmer or web-savvy, you probably have no idea what they mean. Don't worry, this note will help you understand what that means and more importantly: what you need to do.
Chrome alert

First of all there is no reason for alarm, does not mean that your site was attacked, hacked or any other type of defensive security alert, it is simply a breakthrough that Google is making to improve the user experience.

As of October 2017, all sites that collect data (such as emails, phone number, or user names) will need to have the SSL or TSL certificate in order to be marked as secure.

Here is an example of the security brand vs not secure:

Sure

Safe Place Alert

Not Sure

Unsafe Site Alert

If the site exceeds certain signs of insecurity it can even show a red and open padlock (where the navigation bar is) suggesting that we do not enter the site when we click the snippet that appears in Google search results. Let’s hope that’s not the case.

The problem is not so much the brand, but what it involves being seen as “not safe” in the eyes of Google, because the search engine will always prefer sites that represent a good user experience and are safe, so as the sites move to HTTPS:// we will see the sites “not safe” be moved in positioning.

WHAT IS THE SSL/TSL CERTIFICATE?

It is a standard information encryption technology, meaning Secure Sockets Layer, preventing someone from stealing the information, and more importantly, that they can read it. And TSL is the updated version (all providers have this version, only it is common to refer to “TSL” as “SSL” yet) and is the Transport Security Layer that prevents hackers from being able to read the information during the transmission of it, between client (browsers) and servers, as well as between server and server.

As a result this gives us a secure hyper-text transfer protocol, this is the HTTPS:// we see in the Gmail example. Usually all sites with HTTPS://, are marked as safe and position a little better, because we are sure to be protecting the information that users send.

WHAT DO TO SUPPORT GOOGLE UPDATE?

The obvious answer is to implement SSL/TSL, but how do we do it? There are two options:

  1. Paying: In most hostings, where you pay for your page’s storage, they have options to implement SSL/TSL, it has an extra cost but it’s super simple basically you pay for it and the same hosting guides you through the steps you have to do (although in some hosting you probably have to do the migration anyway). It should be noted that even if this process is carried independently by hosting the site is probably “down” for a couple of days as it has to be migrated to a particular IP anyway.
  2. Manual: If you manage your own server or don’t have the option with your hosting, the process becomes a little more complicated (Here is a guide to installing SSL certificate in English),most likely you will need to perform the installation by purchasing the certificate and making the changes to the server on your own.

Both forms have pros and cons, of course paying is the easiest but usually a little more expensive, if you have no experience or a dedicated IT department or the time or resources to take care of this, I highly recommend this option. If you’re brave and trust your engineers fully, you can do it manually and have more control.

FACILITY CONSIDERATIONS

You’ll probably have to do a process similar to migrating your site, or redesigning it (you can actually take advantage of it and we recommend it since Google loves sites that are constantly updated), but as in everything redesign you have to be careful not to lose the positioning that you already have built,then you have to know how to handle backlinks with redirects, canonical tags, updating sitemaps, etc. Normally the bigger the site, it can become a little more complicated because there are more pages in motion, but if you manage to master the basics and prioritize for the most relevant content, the transition will be smooth and your positioning will not be affected (well yes, you will possibly see a positive change).

In short:

  • Google’s update requires that sites that ask for data such as name, mail, phones, etc. migrate to HTTPS to be considered secure.
  • HTTPS is achieved by installing a security SSL/TSL certificate.
  • It can be installed by paying or manually.
  • You have to be careful about the change so as not to lose the positioning that we already have.

Hopefully it’s of great use to you. If you require advice we can help you and do not forget to leave us in the comments your opinion.

Expert consulted:

SEO specialist Aaron Kamel

Share

Share on facebook
Share on twitter
Share on linkedin
Share on print
Share on email