Dave Slovin, president of PracticeProfs (Courtesy photo) Dave Slovin, president of PracticeProfs (Courtesy photo)


This week, Google started marking all non-encrypted websites as “not secure” when viewed through its Chrome browser, which has about a 60 percent market share. If your firm’s website address starts with HTTP rather than HTTPS, you are impacted by this update, and your website visitors will notice. You won’t fall off the internet like some unscrupulous vendors claim, but now is a good time to follow Google’s lead, contact your web team and encrypt your website.

Google Makes Good on Its Security Promise

For the past couple of years, Google has been pushing for a safer web experience by asking website owners to adopt new security protocols. You might have noticed there are fewer website addresses starting with HTTP as more sites have transitioned to HTTPS encryption. In fact, Google claims that over 73 percent of traffic on its Chrome browser is now protected, up more than 20 percent in just one year.

You’ve read about compromised networks redirecting visitors to fake websites, and eavesdropping of browsing activity through Wi-Fi networks, by internet service providers, and even (allegedly) by government agencies. While HTTPS isn’t perfect, encrypted websites keep these issues from occurring by authenticating your website, limiting the search data that can be seen by prying eyes or entities, and blocking outside access to unencrypted data—such as your website contact form.

Up until now, Google has focused on larger websites, especially those conducting financial transactions. As of this week, the new Google Chrome browser version 68 started highlighting all HTTP websites as “Not Secure.”

Google Chrome’s new warning from most recent post on the topic.

Time to Encrypt Your Firm’s Website

If you haven’t yet transitioned to HTTPS, there’s no need to panic. This isn’t another Googlegeddon, as encryption currently plays only a tiny role in determining your search engine exposure. That said, there are three great reasons to make the change sooner rather than later:

  • As a trusted resource, you don’t want clients to see a “not secure” indicator when they visit your site—especially if it includes a secure client portal.
  • The change should be inexpensive, with an SSL digital certificate (the key ingredient for HTTPS) costing $30 to $100 annually depending on where you buy it. Some hosting providers are now even offering free SSL certificates.
  • Google will continue to continue its quest for a safe and secure web. More changes are coming that will impact your website.

Implement HTTPS the Right Way

Your web team can handle this for you, but there are still several steps required to ensure that the site is actually secure and visitor traffic isn’t impacted. Here is generally what needs to happen:

  1. Purchase and install the SSL certificate—the easy part, especially if you have a modern WordPress website.
  2. Permanently redirect your website address from HTTP to HTTPS—automatically sends visitors (and Google bots) to the right site.
  3. Change static HTTP references on website pages to HTTPS—this last step is often overlooked, causing a “not fully secure” warning when people visit your website.

What Will Google Do Next?

That’s a great question, but no one other than Google employees really know the answer. Google has hinted that it will start penalizing non-secure websites at some point. It will also start using speed as a website ranking factor for searches made on mobile devices. As we’ve experienced with these new security guidelines, Google normally keeps its promises.


Dave Slovin is president of PracticeProfs, an Atlanta-based agency that provides comprehensive marketing management services for law firms.