Update: 10 Oct 2019

While Google  already blocks some types of “mixed content” on the web and makes it difficult to view non SSL websites it has now announced that from early 2020, Chrome (and other browsers will follow that example so they don’t appear “insecure” ) will block all mixed content by default, breaking some existing web pages. Which makes the information below on why all websites need to have a valid SSL certficate below even more pertinent.

What is mixed content

Mixed content is confusing. If you are viewing a web page that’s both secure and not secure. For example, a usually safe and secure web page via https but the web page is getting a JavaScript file via HTTP then it is possible that the script could be modified—for instance, if you’re on a public Wi-Fi network that isn’t secured—to insert malicious code into the  web page that could monitoring your keystrokes etc.

Google announced in September on it security blog that if your website is not using HTTPS/SSL when they implement their latest changes  in 2017, your website credibility and search engine rankings may be affected. Chrome- Googles web browser  has already begun to mark non-secure pages containing certain input fields as Not Secure in the URL bar as you can see below. 

At the moment this only appears on non-SSL pages that ask for a password or credit card information and  it’s not too noticeable. But Google  has confirmed that in the near future, this warning will appear on ALL pages served over HTTP vs. HTTPS and it will be in RED and look like this NOT SECURE- not exactly the sort of thing that will instill confidence in your website!!

There is already a lot of research which shows that Google is already using  HTTPS as a ranking factor…SSL DOES Correlate with Higher Rankings!!

Websites need to convert from HTTP to HTTPS to Avoid the ‘Not Secure’ Warning and feel confident with a Secure green padlock

Another reason why you should convert your website to HTTPS/SSL is that its safer for your visitors

HTTPS and SSL prevent man-in-the-middle attacks.

When an SSL certificate is installed on a web server, it operates as a padlock and acts as a secure connection between the web server and browser. An SSL certificate binds together your domain name (or server or hostname), company name and location. While how an SSL certificate works goes into more details–involving a public key and a private key–what you need to know here is this: Even if a hacker manages to intercept your data, he won’t have the private key to decrypt it. Basically HTTPS and SLL adds extra layers of protection.

So what do website owners need to do

The first step would be to contact their webhost and purchase and  install a Secure Socket Layer certificate (SSL)  to ensure that data between your web server and browser remains private and secure and they are not penalise by Google’s SSL update.