A recent report suggests Google is blacklisting non-HTTPS sites asking for login credentials

Commonly, the term ‘Blacklisting’ is associated with suspicious sites posing a threat to the security of users online. Google is always on the lookout for suspicious sites and it warns visitors upon landing on such sites. This is called blacklisting.

However, a recent report by Sucuri suggests that blacklisting is no longer limited to mistrustful websites. This is confirmed by the experiences of many website owners who got their sites blacklisted even if their sites didn’t consist of any malicious files or links.

So, why did it happen? Let’s find out.

Understanding ‘Blacklisting’

Being the top search engine in the world places some serious accountability on Google’s shoulders. It means constant development and optimization of modern technologies, tools, and techniques to keep cyber attackers at bay. Blacklisting demonstrates one of the best examples of it.

Fundamentally, Blacklisting is a defense mechanism used to prevent web surfers from visiting a potentially dangerous webpage/website. Safe Browsing, a tool developed by Google does this job. Safe Browsing scans millions of websites and identifies possibly dangerous ones. Then Google raises a red flag by displaying ‘The site ahead contains harmful programs.’ This is shown in the image below:

site contains harmful programs google chrome error

As a part of this blacklisting process, Google eliminates such website from its search engine index itself, thus making it impossible to access it directly from the search engine. More than anything, the traffic of the website is impacted the greatest. It is estimated that a blacklisted website loses around 95% of its organic traffic.

Recent Developments

Until recently, these security warnings were limited to sites containing mischievous programs. Not anymore. Going by the report published by security firm Sucuri, Google has started flagging non-HTTPS websites that ask for usernames and passwords. This move is enforced in order to protect the credentials being sent by the client to the server. This move is a positive step taken in Google’s long-standing goal of enabling HTTPS all over the internet.

Google is not alone in this quest. Mozilla made an identical announcement for its browser Firefox. Under which, Firefox will display a gray lock with a red slash for the non-HTTPS sites containing password field as shown in the image below:

firefox http login warning error

Why Blacklisting?

Web-browsing is an Achilles’ Heel as far as the security of users is concerned. It is an easy target for online fraudsters to trick users using deceiving files and links. This is where Blacklisting enters the scene. On seeing warnings raising concerns over the safety of a website, the user is bound to think twice before visiting the site.

Avoid blacklisting by embracing HTTPS

Google’s love for HTTPS is not a secret to anyone. Since the mission “HTTPS Everywhere” was announced, slowly but steadily Google started putting restrictions on non-HTTPS websites. The blacklisting of non-HTTPS websites is another stepping stone in the tech giant’s great vision.

The report published by Sucuri last week gives some wonderful insights into the recent developments implemented by Google. They reported a rise in the number of blacklisted sites for no reason. The blacklisted sites were “clean” in their terms. They reported some of the blacklist review requests were cleared “only after SSL was enabled.” As mentioned, SSL certificate installation is required to get HTTPS protocol enabled on your website.

You might wonder what an SSL certificate is and how they work. Let’s find out.

What is an SSL certificate? What does it do?

In Layman’s terms, an SSL certificate is a modern, digital form of an envelope seal. With a countless number of users sharing their delicate, confidential information on websites, there is a need to protect such data from coming into the hands of cyber criminals. This is what SSL certificates are intended to fix and that is exactly what they do.

On an SSL-enabled website, every tiny bit of data shared by users is transformed into an undecipherable strand of numbers, alphabets, and special characters. This conversion from an original format to unreadable from is referred as Encryption. In the wake of this conversion, it is an effectively unthinkable task for any cyber attacker to decipher, read, and tamper the information. As a result of SSL installation, trust indicators such as padlock and green address bar are enabled on the website.

Benefits of SSL Certificate Installation

Without a shadow of a doubt, the central idea behind the SSL installation is the protection of your site’s visitors’ data. However, this is just the tip of the iceberg. The adoption of HTTPS offers numerous improvements over HTTP. Some of these advantages are explained below:

  • In 2014 Google declared to give advantage to HTTPS enabled websites in terms of search engine rankings
  • Some of the SSL certificate brands offer tools such as malware scanning and vulnerability assessment. These tools can be of immense help to prevent your site from being infected by viruses and malware
  • As far as the customer trust is concerned, the trust signs prove to be a key factor
  • For business sites, with improved trust from customers, there are fewer abandoned carts, which increases order conversion percentage
  • SSL certificates help prevent phishing attacks

Final Verdict

Whether you agree or not, SSL is the way forward. The only question is–whether you want to be a part of this wonderful change and reap the fruits now or you want to regret not doing it sooner.


Welcome to Savvy Security, a blog focused on providing practical cybersecurity advice for website owners and small businesses. Our team brings you the latest news, best practices and tips you can use to protect your business...without a multi-million dollar budget or 24/7 security teams.