Facebook. Well contained.Read More
Starting in July, Google Chrome will mark all HTTP sites as “not secure,” according to a blog post published today by Chrome security product manager Emily Schechter. Chrome currently displays a neutral information icon, but starting with version 68, the browser will warn users with an extra notification in the address bar. Chrome currently marks HTTPS-encrypted sites with a green lock icon and “Secure” sign.
Google has been nudging users away from unencrypted sites for years, but this is the most forceful nudge yet. Google search began down-ranking unencrypted sites in 2015, and the following year, the Chrome team instituted a similar warning for unencrypted password fields.
The Chrome team said today’s announcement was mostly brought on by increased HTTPS adoption. Eighty-one of the top 100 sites on the web default to HTTPS, and a strong majority of Chrome traffic is already encrypted. “Based on the awesome rate that sites have been migrating to HTTPS and the strong trajectory through this year,” Schechter said, “we think that in July the balance will be tipped enough so that we can mark all HTTP sites.”
HTTPS encryption protects the channel between your browser and the website you’re visiting, ensuring no one in the middle can tamper with the traffic or spy on what you’re doing. Without that encryption, someone with access to your router or ISP could intercept information sent to websites or inject malware into otherwise legitimate pages.
HTTPS has also become much easier to implement through automated services like Let’s Encrypt, giving sites even less of an excuse not to adopt it. As part of the same post, Google pointed to its own Lighthouse tool, which includes tools for migrating a website to HTTPS.
No HTTPS for your website? From July, Chrome will warn your visitors!
Google is keeping its promises and will soon clearly warn people who use its Chrome browser when they visit a website that is not using HTTPS. So, make sure to use HTTPS as soon as you can to avoid your visitors getting scared by the alarm bells!
HTTPS: the carrot and the stick
The makers of the most popular browsers have been making considerable efforts for a number of years now to encourage webmasters to use the secure HTTPS protocol. In various articles, including “Three important reasons to switch to a HTTPS website”, we explain the benefits for both users and websites. Google e.g. ranks HTTPS websites higher in search results.
After having convinced various websites the gentle way (the carrot), Google is now brandishing the stick, and will start penalising the most obstinate webmasters who are not using this secure protocol yet.
What exactly is going to happen?
From July 2018, Internet users who visit an HTTP website with their Chrome browser will see a “not secure” warning in their address bar.
And whereas in the past this warning was only shown on websites with sensitive content (input fields, passwords, etc.), it will soon be shown on any ordinary HTTP website.
What about the impact?
Visitors of an HTTP website will get a wake-up call: any communication with this website is not secure. This means the data shared between the website and their computer can be intercepted and changed. They cannot even be sure that the website they visit is actually the website it claims to be.
The impact of this warning is huge. With its Chrome browser, Google has a massive market share (from 41.38% in India to 63.77% in Spain). Other browsers (Mozilla, Edge, Safari) also follow the example set by Chrome.
How will switching to HTTPS affect you?
If you want to offer an HTTPS website to your visitors, you will need an SSL certificate. Such certificates are available in different formats, from simple, free Let's Encrypt certificates, which offer a basic guarantee, to advanced certificates that also guarantee your company’s standing (extended value or EV certificates).
If you want to find out more about how you can implement the SSL certificate, please read our article “The SSL certificate: what should you do?”
You have spent so many hours working on your website and building customer trust, so do not let all your efforts go to waste by making sure your website does not show one of those scary “not secure” warnings! An SSL certificate (free or paid), which is necessary to establish a secure HTTPS connection, is a must, and it is quite easy to install!
Unfortunately, those who have a website hosted on Homestead cannot apply a fee or paid SSL certificate to their domain name.
Instead, the way forward is to have your website rebuilt on another website host. Squarespace is my suggestion. Squarespace provides SSL coverage on all domain names both purchased from Squarespace and pointed to Squarespace.
If you are reading this blog first, please refer to the two blogs above this to have the context of SSL and what this message is all about.
Contact me, if you are in need of assistance. We can review your situation and discuss a possible solution.