Two weeks ago, I received not one, but three calls from GoDaddy in which their sales reps cited nonexistent Google penalties and a Vice article to fear-monger (upsell) misinformation regarding SSL certificates. We own and manage a ton of sites and urls so calls like this are not uncommon. For some reason, one of the GoDaddy reps caught my attention regarding SSL certificates so I engaged her. After I got off that call, I received two more of the same sales call from different reps over the course of the next two weeks.
All of the sales rep said that if I did not purchase an SSL certificate, Google would start to interject a page between someone clicking on my site in the search results and them actually hitting my site. This supposed Google “whitescreen” would state that my “website is not secure” and ask the user if they wanted to turn back.
In the event that I did not believe what they were saying, the GoDaddy reps also specifically told me to “search ‘Google SSL’ and click on a Vice article that was the second result”, which at the time was a Vice article about SSL certificates.
That Vice article does not mention or corroborate any of what GoDaddy told me. In fact, it only mentions what most of all already experience all of the time – that Chrome displays either a green “https”, a white “i” symbol or crossed-out red “https” in the address bar. Here is the image that Vice uses:
Chrome has since updated it to look like this:
Essentially, none of what GoDaddy said is true. While it is true that the standard HTTP format provides users no data security, by no means is Google going to penalize your site or interject their own warning screen between their indexed version of your site from the search results and a visitor hitting your site.
Here is what Google does display if your site is not secure, a white “i” symbol:
If you click on that “i” symbol, there is a small popup that reads, “Your connection to this site is not private.” That is the extent.
Clearing up some of the misinformation on HTTPS and SSL Certificates
HTTPS stands for HTTP over SSL. This means that your standard HTTP becomes encrypted for the entirety of the web communication – only you and the secure webserver can see the data transmissions.
HTTPS also ensures that the server is authentic through the use of the green padlock icon in the address bar.
The only difference you’ll notice on an HTTP page is the unlocked padlock with a red “x” or the “https” will be crossed out.
So while your site will not be actively harmed by not making the switch, continuing to use HTTP in and HTTPS world will not help your site either. In December, Google announced that the indexing system would be adjusted to make HTTPS the default. If your site has both an HTTP and an HTTPS version, the HTTPS version would be crawled first.
As some of you may know, it is true that Google has been pushing a move from the traditional HTTP to the more secure HTTPS hosting for websites. And although Google says that sites using HTTPS will eventually see a slight boost in the rankings due to Google’s preference for this format, there is no penalty for NOT switching to HTTPS. In other words, if you get a phone call from GoDaddy claiming that Google punish your website unless you purchase SSL certificates from them, this is GoDaddy’s way of instilling fear in webmasters in order to sell their own products.
The white screen that GoDaddy mentioned could appear for your site for a number of reasons, none of them being that you failed to change your site to HTTPS. Even with the purchase of an SSL certificate this error message may still appear due to an expired certificate, a certificate that is not valid for certain sites, or a corruption issue on your own browser.
We have switched our site to HTTPS and we have seen an increase in rank, but our clients who still have live HTTP pages are still thriving as well. The most important thing to keep in mind when deciding whether to switch your site from HTTP to HTTPS is your users’ security – not GoDaddy’s imagined Google punishments.
Why Would GoDaddy Do This?
GoDaddy is charging between 62.99 and 269.99 for SSL certificates. That is astronomically more expensive that it needs to be. Dreamhost (also a major hosting provider) for instance, charges $15 per year for an SSL certificate and even has free options. That disparity right there should tell you everything you need to know.
GoDaddy’s SSL Pricing:
Dreamhost’s SSL Pricing: