Selected answers from the Dumb SEO Questions G+ community.
Paul Thompson: Google`s only indication of the more stringent "not secure` warnings is that it will happen "in July" not that it will happen July First. Still urgent to get done, but not likely happening Sunday.
Paul Thompson: Just double-checked - the expected date is on or around July 24 for the full release of Chrome Version 68 which is what will contain the new HTTP/HTTPS warnings.
Trey Collier: Paul Thompson so is this a browser thing or a SERP thing?
Paul Thompson: Browser thing- Chrome 68 will include a "Not Secure" warning box next to the site URL in the address bar for all pages that are HTTP. (This is the same warning box that currently appears for non-HTTPS pages that have forms on them - just expanded.)
Trey Collier: Paul Thompson so if the searcher doesn`t use this version of the chrome browser then they will never see the warning. IE iPhone users.
Paul Thompson: At this point, yes. Other browser companies also have plans to up the non-secure warnings as well though. (Though most mobile browsers don`t display much in the way of security warnings/extended validation certificates etc.)
David Gizzarelli: No. I looked into a secure domain, but it seemed like my hosting was gouging for that service based on the recent news. And any purchase only covers one domain name. None of the sub-domains. Is there an affordable option I can purchase from a 3rd party?
Paul Thompson: Some crappy hosts don`t allow 3rd party certificates. For the ones that do, what you`re looking for is a wildcard certificate. You can get them much less expensively from places like Namecheap. (Though the ideal is to use a host that provides the free Let`s Encrypt or equivalent.)
Jim Munro: What Paul said. Find a fast host that will allow you to manage Let`s Encrypt. The certificate is free but there`s a bit of clerical. You`ll probably have to renew it every 90 days for the foreseeable future.
Perry Bernard: It might depend on what you pay for hosting, as to what other services likes this you end up getting for free or next to no cost. I pay $160 per month for my hosting service, and they take care of a lot for that. If you pay (let`s say) $20 a month for your hosting, expect a lot less add-on services.
Paul Thompson: I pay $10/month. Free automatic Let`s Encrypt (wildcard coming in next week or so), Elastic Mail, built in SMTP, Memcached, Redis, Varnish caching, staging (with upcoming push-to-live functionality)... There are good fast hosts with quality addons - but the typically-advertised ones aren`t it, for sure.
Perry Bernard: Paul Thompson is that a one-site plan? I failed to mention mine is a 40-site plan.
Paul Thompson: It`s a VPS, so depends on resources needed for total sites (I`ve got 8 sites on it with only about 1/2 resources used). But no, it`s not going to do for $10 what your server handles for 40 sites for $168. I was just giving the example that there are some solid hosts with all the necessary add-ons for good prices that don`t nickel and dime over SSL certificates.Hosts scoring big bucks for SSL certificates is so 2014 :)
David Gizzarelli: GoDaddy charges me $16.99 each month for hosting. I think they wanted $275 for SSL. I`ve thought about switching in the past, but I worry about all the work involving my ASP.net site
Michael Martinez: Cpanel automatically renews certificates. They offer Comodo for free but you can add Lets Encrypt.
Paul Thompson: Michael Martinez Are you talking specifically about GoDaddy? I`ve never seen them offer free SSL on anything except their Managed WordPress. They`re one of the poster-children for still trying to rake in obscene profits from SSL certificates which most of the rest of the hosting world have moved to providing for free. (cPanel only provides access to free SSL if the host decides to enable it.)
Jim Munro: GoDaddy`s business model is to sign up domains for less than they pay for them in cash and then load up the new owners with add-ons that are often provided free by other hosts. They look cheap but they might be the most expensive, depending on your requirements. What they`ve done with SSL is an extension of what they`ve always done.
Paul Thompson: Jim Munro Oh, agreed, it`s totally their general business model.
Jim Munro: I can`t nominate an incident but I know they`ve been caught out suppressing crawling by googlebot many times over the years. There`s possibly many potentially successful sites languishing on GoDaddy hosting.
Michael Martinez: Paul Thompson No, the Cpanel software itself now comes with free Comodo SSL certificates. If you own or lease your own server, you have to pay for a Cpanel license. If you are using shared hosting (even a reseller account) then it is up to the hosting company to determine if you get the free certificates. But Cpanel now gives you the ability to install Let`s Encrypt or other certificates the same way they handle the default Comodo certificates. Just check the SSL dashboard to see what options you have enabled.
Paul Thompson: Yup - as I already said above "(cPanel only provides access to free SSL if the host decides to enable it.)" And yea, the same applies to whether the cPanel will even allow enabling of any third-party certs at all. GoDaddy shared doesn`t allow any of that. It`s a "built-in" option, but only available if host configures it that way. Which GD doesn`t.
Michael Martinez: I work with a client that uses GoDaddy-owned ZZ Hosting. He has a reseller account and he does get the free Comodo certificates. My partner and I moved our last Godaddy sites to our server last year. I do not recall having free SSL with them. So GoDaddy is rather inconsistent.
David Gizzarelli: How is suppressing a google bot helpful to them? Then analytics won`t see certain activity? Rank suppression?
Paul Thompson: Googlebot doesn`t register in Analytics. There has been talk of them throttling Googlebot and others in the past in order to reduce server load. This would harm websites by reducing the number of and speed at which pages get crawled and indexed.
David Gizzarelli: My bad, I thought I was on my thread about Yelp and their admin.yelp.com hitting my website
Adam John Humphreys: All clients got it years ago. What a gong show but it sure has been profitable for those coming with issues because of incorrect implementations lol
Perry Bernard: I think it`s prudent to mention something about this, because I recently read an article written by a local SEO agency saying that HTTPS is "website security", which it absolutely is not. It`s communications security between server and browser only. The website can still be full of viruses and malware and have significant vulnerabilities.
Marek Veselý: Anyone still using HTTP those days? lol...HTTP/2 only boys
Michael Martinez: Of course, HTTP/2 is even less secure than HTTPS (which you need for HTTP/2).
Michael Martinez: Paul Thompson It`s a long story, but what most people don`t understand is that HTTPS is not very secure (for one thing, all the encryption protocols have been compromised, even up to TLS 1.2). On top of that, there are documented performance and security issues with HTTP/2. The only reason I recommend people move to HTTPS is to avoid being branded as "unsecure" (r whatever) by the browsers. Otherwise, it`s virtually meaningless "security". Although most hackers don`t have the resources they need to actually decrypt any communications between browsers and whatever, they typically resort to hacks that bypass HTTPS (capturing the data either from the user or the Website). On top of that, many corporate and all commercial VPNs act as "man in the middle" processors, and they can therefore see everything you pass through their networks. There`s just so much propaganda and B.S. being shared about HTTPS that people really believe it makes the Web safer. It does no such thing.