Chrome 'Not secure' marker for 2017. Have you moved to HTTPS or will you be doing so anytime soon?

[CTXMedia]

Like many people, I got an email from Google today to say that from Jan 2017 they are going to mark pages with login forms as not secure if they are not served over https.

This means pretty much every page that is viewed by a guest (since the login link/form is at the top of most pages).

I have so far resisted moving my sites to https as my understanding has been that Adsense revenues drop because of a lack of https ads in the auctions, but this may have changed in revent months?

Have any of you recently moved to https? What has been the impact on page views (did they increase as a result of better rankings) and Adsense revenue (no figures, just - no change / decrease / increase)?

Cheers,
Shaun

 

[Pierce]

This is what it will look like for the user;

https://security.googleblog.com/2016/09/moving-towards-more-secure-web.html?m=1

Also anybody running iOS apps needs to go to https

 

[motowebmaster]

HTTP/2 was a good choice for my forum, which required the implementation of https. I don't imply any degree of security, using an Lets Encrypt certificate, but it hasn't negatively impacted revenue.

Some users did have difficulty on older devices, but imagine that would be less of an issue going into 2017.

 

[rdn]

I just forced HTTPS yesterday .
I have http/https both working but https only optional since 2013.

 

[eva2000]

forums switched to HTTPS ~2yrs ago a few months or weeks after forum started https://community.centminmod.com/

HTTP/2 HTTPS all the way for page load performance

 

[viper357]

Have any of you recently moved to https? What has been the impact on page views (did they increase as a result of better rankings) and Adsense revenue (no figures, just - no change / decrease / increase)?

I had the exact same concerns as you, I changed to https on the 19th November and looking at Google Analytics I see no decline in page views, they actually increased for the first 2 weeks after https was installed, just before the annual December slowdown started (my forums go very quiet every year over the December holiday season). With regards to adsense, that's been pretty much constant as well, neither up nor down, I check it every day and the figures are still averaging about the same. And I don't know if it's my imagination or not but I'm pretty sure my forums load a bit faster as well, but I didn't measure that so not too sure.

 

[MattW]

I forced https again on my forum at the end of November, and adsense earnings are exactly the same as they were prior to the switch. Last time I tried (back in 2014), they dropped to basically zero.

 

[CTXMedia]

Thanks guys - that's good to know and gives me the confidence to move forwards in the new year.

 

[CTXMedia]

Any suggestions for where to buy the SSL Certificates from?

 

[rdn]

Any suggestions for where to buy the SSL Certificates from?

https://www.gogetssl.com/domain-validation/

 

[CTXMedia]

Thanks - I don't do any ecommerce so it looks like the Comodo PositiveSSL certificate (domain validation) will be sufficient for each site, and the price is very affordable.

So what happens to old links and images and signature images that don't use https - will that bring up a mixed-contnet browser warning?

And do you just update your Adsense code to use https to convert them?

 

[rdn]

UPDATE xf_conversation_message SET message = REPLACE(message,'http://www.domain.com','https://www.domain.com');

UPDATE xf_user_profile SET signature = REPLACE(signature,'http://www.domain.com','https://www.domain.com');

UPDATE xf_post SET message = REPLACE(message,'http://www.domain.com','https://www.domain.com');

UPDATE xf_profile_post SET message = REPLACE(message,'http://www.domain.com','https://www.domain.com');

UPDATE xf_profile_post_comment SET message = REPLACE(message,'http://www.domain.com','https://www.domain.com');

 

[CTXMedia]

Thanks. As a test I've bought and installed a certificate for my cycling blogzine (www.cyclingjunkies.com). Redirects appear to be working okay, I've updated Google Search Console / Google Analytics, and appear to be getting a green padlock on all pages - anyone know what I should apply in Cloudflare's Crypto settings to show the site domain in the certificate details [currently shows cloudflare's domain]?

 

[Pierce]

Thanks. As a test I've bought and installed a certificate for my cycling blogzine (www.cyclingjunkies.com). Redirects appear to be working okay, I've updated Google Search Console / Google Analytics, and appear to be getting a green padlock on all pages - anyone know what I should apply in Cloudflare's Crypto settings to show the site domain in the certificate details [currently shows cloudflare's domain]?

Ah you need a business account for that.

Technically speaking any cert even a self signed would be fine.

Cloudflare also gives you a cert to use... See attached screenshot under crypto

 

[Brent W]

We are waiting on our advertising company to iron out a last few issues before we switch our largest site. All of our other sites are already on https.

 

[CTXMedia]

So far so good on the two blogzines ...

Do you have to enable image and link proxying once you move to https? Is there a general guide or walk-through for things to look out for and change when converting to https?

 

[Brent W]

So far so good on the two blogzines ...

Do you have to enable image and link proxying once you move to https? Is there a general guide or walk-through for things to look out for and change when converting to https?

Link proxy isn't required but Image Proxy is. Basically just make sure you haven't hard coded any images/css/javascript files to http and adjust the board url setting.

 

[CTXMedia]

Sounds relatively simple - I've set everything up on the server, just need to flip it once I've advised the membership.

I've also just noticed that to get a certificate with the site domain as the CN in Cloudflare, you've got to get a dedicated CF cert @ $5 per month; something that I might consider just to neaten it all off.

 

[Brent W]

I've also just noticed that to get a certificate with the site domain as the CN in Cloudflare, you've got to get a dedicated CF cert @ $5 per month; something that I might consider just to neaten it all off.

Yes we do that for our largest site, though the HTTPS is only active on a subdomain right now.

 

[Pierce]

Sounds relatively simple - I've set everything up on the server, just need to flip it once I've advised the membership.

I've also just noticed that to get a certificate with the site domain as the CN in Cloudflare, you've got to get a dedicated CF cert @ $5 per month; something that I might consider just to neaten it all off.

I seen it when I posted it to you.

I don't know if its any more valid than a normal CF cert.