SSL - We Warned You

Google: Most Florist Sites Are Not Secure

For several years, now, Google has been pushing their secure internet agenda. Here’s a quick recap of their history with SSL encryption (sites that load using the https:// URLs instead of http://).

  • 2004 – Gmail launches with SSL support (optional at that time)
  • 2010 – Google Chrome enables HSTS, meaning websites can announce that they should only ever load using a secure URL.
  • 2010 – Google promotes the SPDY protocol for rapid loading of secure websites. (SPDY was eventually rolled into HTTP/2)
  • 2010 – SSL is now the default in Gmail.
  • 2011 – Google search is now encrypted by default
  • 2014 – Google announces that SSL-encrypted sites will be given a ranking boost
  • 2015 – HTTP/2 is released allowing for faster secure connections
  • 2016 – Google fully implements HSTS on all their sites, confirming that users can only ever connect to them securely
  • 2016 – In October of 2016, Mozilla announced that over 50% of their web traffic was now securely loaded over HTTPS
  • 2016 – The number of HTTPS sites on Google’s Page 1 results increased from 7% in 2014 to 32.5% in 2016.
  • 2017 – We published a warning that all florists needed to secure their sites ahead of Google’s upcoming changes.
  • 2018 – In a February announcement, Google warns that as of July 2018 all non-HTTPS sites will be flagged with a “NOT SECURE” warning. As much as 78% percent of web traffic is already using HTTPS at this time.
  • Today (July 24, 2018) – Google’s latest Chrome browser release is flagging websites that do not use SSL by default as “NOT SECURE”.

So where does that leave the retail florist in 2018? If you have an ecommerce site, just imagine the impact of your customers being greeted with a nice big warning that your site is not secure! The effect on sales could be devastating.

Using the latest Chrome release, I started browsing some florist websites to see how our industry is coping with this change. (Keep in mind, we’ve had about 8 years to plan for this, and HTTPS has already been a ranking factor for the last 4 years.)

Here’s what I found:

Not Secure - Stems

Not Secure - Seaside

Not Secure - Newtown

Not Secure - J Alexander

Not Secure - Flowers By Us

Not Secure - Appleby

Big surprise: most florist websites and website providers are behind the curve on this. Again.

So what’s to be done? Here are a few ideas:

  1. If you are using a custom site (built by you, or a local/independent provider), contact your web provider today and insist that your site be converted to fully HTTPS immediately.
  2. If you manage your own site, get an SSL certificate and install it. If you have SSL but it only applies to your checkout, make the necessary changes today to secure the entire site.
  3. If you have a website from a major floral industry provider and it’s not secure by now … it’s time to move on.

At this point, any provider not securing their clients’ sites can only be described as negligent. These changes have been signalled by Google years in advance. The ranking benefit came into effect in 2014.

If you’re interested in working with a floral web and marketing partner who was:

  • First to implement Responsive Design for mobile (2011)
  • First to offer fully secure sites for clients (2013)
  • First to offer schema and microformatting
  • First to offer completely custom designs because your brand is too valuable to be a template

… then check out Strider’s Essential Bundle today. We create websites the way you create designs for your customers – with love, care, and personalization to make them incredible. You convey emotions, we convey your brand ideals. Learn what a difference it makes to work with a web partner who really wants you to succeed!