A new version of Chrome has just been released, and it will affect the way internet users experience websites that aren’t using HTTPS (SSL). Is your website ready for Google’s war on unencrypted sites?
Updated 3 October 2017 – Google’s changes to Chrome have come into effect as of 1 October 2017. In Chrome Version 62, any site that does not have a SSL certificate installed will be displayed as ‘Not Secure’. Read on to find out how these changes affect you.
Google’s announcement is clear: it’s time for unencrypted sites to upgrade.*
Google wants everything on the web to be secure. They’ve been on a quest to stamp out the use of non-secure HTTP websites for over a year now. While it may seem like getting your SSL certificate is an inconvenience, ultimately it’s a move that’s going to protect the privacy of your users.
When traffic is unencrypted, not only can eavesdroppers see what you’re doing online, but also intercept and manipulate it. HTTPS sites ensure this doesn’t happen. SSL certificates are small data files that encrypt your data as it’s sent through the internet, effectively preventing other parties from getting access to your sensitive information.
HTTPS protects more than just your customers’ data. It also helps people to easily identify when a site is real and when it’s an imposter. These fake versions of websites are popular with hackers and other malicious users. We can all agree that taking power away from these unpleasant types can only be a good thing!
People are becoming more savvy about their privacy online, and making sure your website reflects a commitment to their security should be a priority. We owe it to our visitors to protect the security, integrity and privacy of their data.
Subscribe to our monthly newsletter for updates on web security and all things tech.
We promise to only send you information when it’s genuinely interesting.
How will this affect my website?
If you already have a site-wide SSL certificate installed, well done! Nothing is going to change and you can continue developing your online presence with the knowledge that you’re protecting your users’ privacy.
If you are not running a site-wide SSL certificate, you should be concerned.
Now that the changes are live, all websites running HTTP will display ‘Not secure’ next to the URL. In the first stage of the rollout, you may have seen only the words ‘Not Secure’ with the information icon on pages that collect passwords or credit card details, but now you’ll see the marker on all plain HTTP pages, too.
Image courtesy of the Chromium Blog
Eventually, all non-HTTPS webpages will display a red triangle warning marker and ‘Not secure’ next to the URL, no matter what type of information is on that page.
This has the potential to confuse your visitors into thinking that there are security issues with your website other than being non-HTTPS. Consumers are starting to look for clear signs of high security and the Non Secure mark may discourage someone from choosing to use your product or service over that of your competitors.
Upgrading to SSL will also help to improve your website’s ranking in Google search results. Website performance and security are important factors in how Google calculates your website authority and page rank. HTTPS is a great indicator that you’re taking your visitors’ security seriously and, as a result, HTTPS websites should see better performance in the search results compared to unencrypted sites.
Even without taking the obvious security benefits into consideration, there are other positive reasons to upgrade to SSL:
- Better website performance
- It’s easier and cheaper than ever before
- Access powerful new features that are too sensitive for HTTP
How do I make sure my website is safe?
We recommend setting up SSL on your website as soon as possible to minimise any potential interruptions or issues with a plain HTTP website. Installing SSL is usually a relatively simple task, and you should be able to find a description of how to implement SSL in your hosting provider’s support documentation.
*Read Google’s full announcement on their security blog for more information.