Google is Slapping Warnings on Non-SSL / Non HTTPS Websites
Beginning in January 2017, Google Chrome has started adding warning labels for any websites that ask for passwords and/or credit card information who haven’t yet added SSL protection.
The Google Chrome web browser version 56 is about to be released. It will include a warning for non-HTTPS websites – in other words, websites that don’t use SSL. The warning will label these websites “Not secure” in the browser location bar
In case you’re not familiar with what SSL is, it’s a type of encryption so that the communication between your web browser and a server cannot be intercepted. In other words, website visitors on SSL secured websites are protected from hackers on the network who might be trying to their steal passwords or credit card data.
Google likes websites that use SSL and even gives them a small boost in rankings but, besides that, why take the risk of someone using Google Chrome as their browser seeing an ugly warning when they arrive at your website?
By adding your own SSL certificate you may even get an OVERNIGHT boost in conversions and get more targeted organic traffic.
There’s no downside here!
Google to slap warnings on non-HTTPS sites (nakedsecurity.sophos.com)
Google Chrome, on the other hand, plans to strip it down: starting in January 2017, the browser will start flagging some unencrypted sites as plain old “Not Secure.”
It’s important to note that HTTPS isn’t only about confidentiality – which is how most people think of encryption – but also about authenticity and integrity, which in many cases are even more important.
This means that, without HTTPS, eavesdroppers can not only access the data flowing over the internet, seeing everything we do on a site, but can also intercept it and manipulate it.
When traffic is unencrypted, it opens up our online activities to anyone using the same Wi-Fi at the local coffee shop, who can steal our passwords or banking information. It also enables our online activity to be tracked and sold to advertisers by Internet Service Providers (ISPs).
It allows both governments and cyber criminals to keep an eye on what sites we’re visiting and what we’re reading, as well to alter what we see and where we go, whether that’s to censor content or to divert our banking transactions to the wrong recipients.
Here’s the plan: starting in January with Chrome 56, password or credit card form fields on non-encrypted sites will be labeled “not secure.”
Then, in following releases, those HTTP warnings will be extended: for example, by labeling HTTP pages as “not secure” in Incognito mode, where users may have higher expectations of privacy.
Eventually, all HTTP pages will be labeled non-secure, and the HTTP security indicator will change to the red triangle/exclamation mark that Google uses for broken HTTPS.
Really, you’re going to need to make this change sooner or later, so why not get it done now? In the not too distant future, all websites will be secure – that is what Google wants. There really won’t be any unencrypted communication on the Internet in the future.
Yes, I Want This Done Now!
Great! To get this work done, a few things will need to happen:
- You’ll need an SSL certificate (we sell them for $120/year and we take care of renewing it and installing it for you).
- Your website will need to force https. This means it’ll need to be set up to make sure any page accessed is forced to be secure.
- We will test all forms and shopping cart (if you have one) on your website to make sure everything works fine.
We’ll work carefully, work on it during the night and take backups of files we modify. You’ll get a report explaining all that we did for you. Learn more about how to make your website secure.
Here’s the deal:
- To get the SSL certificate is $120/year (blocks cannot be used).
- To set up forcing SSL is 2 Maintenance Blocks (or $125).
- If you need more Maintenance Blocks, you can purchase them here.
- You can pay the $120 for the SSL certificate here.
Forcing the website to be secure is a one-time charge. You’ll just need to renew the SSL certificate for $120/year each year with our hosting.
If you do not host with us, then you’ll need to contact your website host and have them help you with the SSL certificate and we can help you make sure your website forces every page to go to SSL (2 Maintenance Blocks).
Let us know if you have any questions.