Google have taken the unusual step of announcing two future changes to their products rather than to introduce them without notice. Previously Google algorithm changes have been dropped without warning and have caused hysteria as businesses realise their rankings and traffic have dropped to terrifyingly low levels. It’s a change of tactic and by giving businesses advance warning of the update will avoid too much turbulence to website rankings for those who make the measures needed. Here are the upcoming changes.
Google will penalise mobile websites with intrusive pop ups.
The annoying pop up marketing messages you get when you enter or leave a website may have had their day. These are the intrusive interstitials that Google will start to penalise websites for having. Starting on January 10, 2017, websites with these disruptive pop ups may not rank as highly in Google search results. The reason for this update is straight forward in that Google’s aim has always been to provide the best possible results to a search query and user experience is a key factor in this. They have taken the decision that intrusive pop up banners detract from the experience to the extent that a penalty will be applied to sites practising these marketing techniques.
Luckily, this problem can be easily fixed. If your website uses these pop ups you can replace them with less intrusive messages. For example, instead of pop ups that block out the whole page, create a small button at the bottom that will show the same pop-up message when clicked. It is important to note that this penalty only affects sites that have pops ups that are triggered without the users intent so based on timed events or when are user tries to leave the page.
Google offers some exceptions to this pop-up rule: interstitials for cookie policy agreement, age verification or ones that use a fair amount of screen space are allowed. If you have your message using a reasonable amount of screen space e.g. like a small box in the bottom right corner or a slim top banner you won’t be affected.
An example of an intrusive popup, and an example of an intrusive standalone interstitial:
The other big change is that…
Google will label HTTP websites that collect passwords or credit card information as non-secure.
This is a big one and is set to impact the majority of business websites. Until recently you would normally only see an https://www address when logging on to a secure site such as bank, or shopping online, or any website that contains user data that could be exploited. Google now wants this across all sites and for the traditional http://www to be retired.
HTTP is the code right before the “www” in a website name. It means Hypertext Transport Protocol and refers to the type of information exchanged. Currently Google does not indicate a non-secure HTTP connection. But starting in January 2017, Google will start warning visitors when a website does not use HTTPS.
The problem with HTTP is that it is not secure. Hackers are able to ‘listen’ in to any data that is passed between your visitor’s browser and your website. This could be sensitive data such as credit or debit card details or login credentials for their website.
Using HTTPS to secure a website means an encrypted connection is made between the users browser and your website so that any data passed between them cannot be intercepted.
Google have been keen to promote secure sites since August 2014 when they announced they would use this as a ranking factor in search results, so it has been a positive addition to a site for a while now. The step they are taking next year takes things a further leap forwards and is effectively naming and shaming sites that are not secure nor doing their due diligence to protect against cyber criminals.
There will be a big “non-secure” sign right next to the URL on Google’s Chrome browser (currently the most popular browser in the world), it also has warned that there may eventually be a big red triangle next to the website name in it’s search results. This means that at some point all HTTP sites will show the non-secure red triangle.
It is clear that such a message will deter many users from proceeding to view a website and as such this risk will lead to many sites adding security features to make their sites secure.
Why Are Google Making Website Security So Important
Google believe that if you run a website whether business or personal then it is important for you to ensure it is secure for the welfare of the users accessing it.
If your website is not secure then cyber criminals can target your website and exploit any weaknesses. They have a range of hacking tools at their disposal but a common ones is a Man In The Middle (MITM) Attack which is where details are accessed between your website and the person’s browser
To solve this problem, your company needs to install an SSL certificate to authenticate the identity of the server that hosts your website and get an encryption key to encode the information. SSL secures HTTP connections and turns them into HTTPS connections. SSL certificates are not very expensive and they are easy to install. You can now even install free SSL Certificates via a new service called Let’s Encrypt. If you would like assistance with setting up your sites SSL please get in touch and I can advise the best route forward depending on your site and current hosting provider.
