Non-HTTPS Sites Flagged as “Not Secure” in 2017
Browsers and search engines have been advocating SSL (https) for websites for some time, and they have been slowly making small strides to steer developers and users toward https. Chrome announced another step in this direction with the latest upcoming browser release, version 56, in January 2017.
What’s the difference between http and https?
http is a protocol used between the browser and the web server to transmit data; web pages, images, forms, etc. https is the secure version of that protocol that keeps the data secure during that transmission (by encrypting the data) so hackers can’t access the data preventing them from gaining access to your visiter’s personal and confidential information and access to your website. In short, https is a good thing and it keeps you and your data secure.
What’s Chrome (and other browsers) changing?
With the upcoming Chrome release 56 in January 2017 non-https website will be flagged as not secure. As of right now the information icon is displayed. With the new upcoming release the words “Not Secure” will be displayed. This change specifically effects sites with logins screens, credit cards, or any website transmitting any type secure or confidential data.
Eventually, all websites serving http will be flagged as Not Secure and the warning message will look more like this:
Who does this effect?
The industry shift toward more security effects everyone what uses a submission form or transmits secure data over a website; it’s not only for credit card forms, but login, subscription forms, email signup forms and the like. If you have clients logging into your site or submit confidential information, it needs to be running in https. Even WordPress blogs should be running https, and not passing admin login credentials insecurely.
How does this effect my business?
The good news is your website and visitors will ultimately be more secure. It also means, if your site is not secure, visitors will be notified or blocked from visiting your site. This could result in a loss of traffic and sales. Yes, this could effect your bottom line. Get secure now and avoid visitors getting blocked by search engines and browsers.
Additionally, Google announced in 2014 https will be a ranking signal for higher search engine result rankings. Although this started effecting 1% of websites in 2014, Google’s https everywhere effort will be cracked up as time goes on.
How do I get secure?
The solution is to install an SSL Certificate. Installing a certificate doesn’t immediately force all pages, images and content to use SSL it just gives it the ability to. The second step is to make sure all your pages and content are taking advantage of SSL.
At Digital Canvas we can help you with this process. First we’ll install an SSL Certificate, then test to make sure all the referenced content is using the certificate so there are no errors. Just having an SSL Certificate isn’t enough if your pages and content aren’t using it. The website needs to be configured correctly to use the Certificate.