Update: 6/21/2018: Beginning July 2018 Google Chrome will warn users visiting all websites served over http that the site is not secure.
Our friends at Google are always looking for the best ways to keep the internet a friendly and secure place for everyone. With the launch of the newest edition of Chrome they’ve taken some important steps in a safer internet, with a new warning about non-secure websites. And it’s not just Google, Firefox is preparing to issue the same warnings.
If your website collects information such as passwords or credit card information and isn’t served via HTTPS, Google Chrome is warning visitors that your site is not secure.
Google has begun to send warning emails to web owners who have a webmaster account attached to their website titled: Nonsecure Collection of Passwords will trigger warnings in Chrome 56
Not sure if the HTTP Not Secure Google warning applies to your website?
If your website URL begins with HTTP and you sell products on your site, or your site has a frontend user login Google will be labeling your site not secure. This will appear for visitors who come to your site using the new Chrome 56 web browser.
Previously, Google displayed an HTTP website as neutral, but this latest update comes with a change in wording.
Here’s what that will look like to your web visitors.
And Google isn’t the only one doing this. The recently released Firefox browser version will begin marking them as not secure.
What’s the difference between HTTP and HTTPS?
Information sent on an HTTP site is sent as readable text. So when you are logging in to the backend of your website to update your blog page, that user name and password are being sent out in clear text.
HTTPS secures passwords and credit card information by sending that information through Transport Layer Security Protocols that protect your information through data integrity, encryption, and authentication.
My website is HTTP, how do I fix this?
If your website is selling a product, or collecting logins on HTTP you will need to migrate your site from HTTP to HTTPS as soon as possible.
An SSL certificate will need to be purchased in order to migrate to HTTPS. Your websites web development team should be able to accomplish this for you. The SSL certificate will need to be renewed, in the same way your domain has to be re-purchased.
After migration you will need to perform 301 re-directs from your HTTP to HTTPS pages
Learn more about securing your site with HTTPS
My site doesn’t sell anything or collect passwords
Your site might not sell anything, but it is collecting passwords.
Your website has a backend login, which is being acknowledged as not secure over HTTP. While this won’t necessarily affect the security to a website visitor, they most likely will not understand that. All they will see is the not secure notification.
Need more convincing?
Security isn’t the only reason for migrating your site.
Organic Ranking and SEO Google began using HTTPS as a ranking signal, and while the weight of this is small now, they have noted that in time the may increase the weight of that signal.
Improved Analytics Reporting – Referrer Data
If your website is HTTP, referral traffic will be logged as direct. However, when your site is HTTPS that information is properly logged as referral information.
Without a secure HTTPS connection, your customers are at risk of a 3rd party intercepting their unencrypted data. Interested in converting to HTTPS?