SEO warning! Does your non-SSL website have a login form?

By Updated: March 24, 2018 4

WordPress security imageAs part of Google’s campaign to make the internet 100% SSL, they’ve started penalising sites that let users login over an insecure connection.

Google have recently started contacting some of our clients to let them know their sites will be affected.

This is a really simple guide to SSL and how it might affect your website.

What is SSL?

SSL stands for secure socket layer. It’s a technology that encrypts the connection between your web server and your visitors’ browser. This makes the website more secure. To get SSL, you need a valid SSL certificate installed on your web server.

There are a few ways to tell if a website has an SSL certificate. Look at the address bar at the top of your browser. If the address starts with https then the site uses SSL. If it says http then it doesn’t. There should also be a green padlock. Depending on your browser, the word ‘Secure’ might appear alongside the padlock.

You can see all these signs in the screenshot below:

Does a website have SSL

Isn’t SSL just for protecting payment data?

A few years ago, SSL was only used on websites storing sensitive information such as online banks and e-commerce stores.

More recently, there has been a big movement to encourage ALL websites to use SSL. Even sites that don’t store any sensitive data such as brochure-style websites.

Will my SEO suffer if I don’t use SSL?

In a word, yes.

Google has already changed its algorithms to give websites using SSL a ranking boost. This isn’t the be-all-and-end-all for your SEO because there are so many factors that determine your ranking. However all else being equal, a site using SSL will be ranked more highly than an identical site without SSL.

What has changed for non-SSL sites with user login pages?

The move towards an SSL web has been going on for years. The latest development is that Google have started putting pressure on websites that let users enter login details (e.g. a password) over an insecure connection.

This might apply to you if your website includes a login form – either on a page or in a popup. You might have a membership site, blog with comments system and user registration, etc.

Google are putting pressure on sites with insecure login forms by:

  • Displaying a ‘Not Secure’ notice in the address bar for your visitors who use Chrome.
  • Displaying an error which is visible to developers who use the ‘Inspect Element’ function.
  • If you use Google Search Console, you’ll also receive an email titled ‘Non-Secure Collection of Passwords will trigger warnings in Chrome 56 for [your-domain]‘.

Insecure login form warning

I’m not aware that they are de-ranking these sites yet, but I imagine it’s only a matter of time before it affects your SEO as well as putting off visitors.

How can I get an SSL certificate?

The good news is that web hosts are making it easier and easier to get SSL certificates. Talk to your web host.

If you use our premium WordPress hosting, please contact us about setting up an SSL certificate. Even if you don’t have a login form on your site, SSL will benefit your SEO so it’s definitely worth doing. We can also provide SSL certificates under our affordable web design service.

If you arrange your own hosting, wplift have produced a helpful guide on free SSL certificates and where to get them.

Katie Keith

An active member of the global WordPress community, Barn2 Co-Founder Katie loves collaborating with other plugin companies. Her articles have been published on high profile sites including WPTavern, Torque and IndieHackers. She oversees all plugin support and deals with 'Tier 2' support requests about how to use Barn2's plugins in advanced ways.

4 Comments

  1. Steve
    May 2, 2017 Reply

    Hi Katie,
    thanks for the article, it's very illuminating as this is something I have been looking into recently for websites without memberships and logins. What would be your view in regards to Google penalising sites with contact forms as I would imagine this is the same level of detail required to leave comments and customer information is being collected?

    • Katie Keith
      May 2, 2017 Reply

      I don't think there is any issue with contact forms as they typically don't collect confidential data such as passwords. Perhaps this will change in future as Google continues clamping down on non-SSL sites, but I'm not aware of anyone being penalised for non-SSL contact forms yet.

  2. Chris
    January 27, 2017 Reply

    Hi Katie

    What you said is true, SSL will give a slight boost.

    I think many are not switching to SSL because they loose their social counter for Facebook shares, but Twitter catches with time.

    Also now a days we can even get an EV SSL for less than $50.

    • Katie
      February 6, 2017 Reply

      That's a really good point, I know that switching to SSL won't hurt your SEO despite the change or URL and even improves SEO as Google reward sites with SSL, but I hadn't thought about the impact on social counters. The price of SSL certificates has really come down in the last few weeks, and they're also easier to set up than ever before if you have a good web host.

Please share your thoughts...

Your email address will not be published.