SEO warning! Does your non-SSL website have a login form?

WordPress security imageAs part of Google’s campaign to make the internet 100% SSL, they’ve started penalising sites that let users login over an insecure connection.

Google have recently started contacting some of our clients to let them know their sites will be affected.

This is a really simple guide to SSL and how it might affect your website.

What is SSL?

SSL stands for secure socket layer. It’s a technology that encrypts the connection between your web server and your visitors’ browser. This makes the website more secure. To get SSL, you need a valid SSL certificate installed on your web server.

There are a few ways to tell if a website has an SSL certificate. Look at the address bar at the top of your browser. If the address starts with https then the site uses SSL. If it says http then it doesn’t. There should also be a green padlock. Depending on your browser, the word ‘Secure’ might appear alongside the padlock.

You can see all these signs in the screenshot below:

Does a website have SSL

Isn’t SSL just for protecting payment data?

A few years ago, SSL was only used on websites storing sensitive information such as online banks and e-commerce stores.

More recently, there has been a big movement to encourage ALL websites to use SSL. Even sites that don’t store any sensitive data such as brochure-style websites.

Will my SEO suffer if I don’t use SSL?

In a word, yes.

Google has already changed its algorithms to give websites using SSL a ranking boost. This isn’t the be-all-and-end-all for your SEO because there are so many factors that determine your ranking. However all else being equal, a site using SSL will be ranked more highly than an identical site without SSL.

What has changed for non-SSL sites with user login pages?

The move towards an SSL web has been going on for years. The latest development is that Google have started putting pressure on websites that let users enter login details (e.g. a password) over an insecure connection.

This might apply to you if your website includes a login form – either on a page or in a popup. You might have a membership site, blog with comments system and user registration, etc.

Google are putting pressure on sites with insecure login forms by:

  • Displaying a ‘Not Secure’ notice in the address bar for your visitors who use Chrome.
  • Displaying an error which is visible to developers who use the ‘Inspect Element’ function.
  • If you use Google Search Console, you’ll also receive an email titled ‘Non-Secure Collection of Passwords will trigger warnings in Chrome 56 for [your-domain]‘.

Insecure login form warning

I’m not aware that they are de-ranking these sites yet, but I imagine it’s only a matter of time before it affects your SEO as well as putting off visitors.

How can I get an SSL certificate?

The good news is that web hosts are making it easier and easier to get SSL certificates. Talk to your web host.

If you use our premium WordPress hosting, please contact us about setting up an SSL certificate. Even if you don’t have a login form on your site, SSL will benefit your SEO so it’s definitely worth doing. We can also provide SSL certificates under our affordable web design service.

If you arrange your own hosting, wplift have produced a helpful guide on free SSL certificates and where to get them.