Google Showing Warnings for Non-Secure Sites in Chrome
Technical Lead, Web Watchdog
“…You should always protect all of your websites with HTTPS, even if they don’t handle sensitive communications. Aside from providing critical security and data integrity for both your websites and your users’ personal information, HTTPS is a requirement for many new browser features, particularly those required for progressive web apps.…”
HTTPS helps prevent hackers and bots from fiddling with the communications between websites and your browsers. Hackers will include malicious code, that injects ads into your website pages.
When visiting any website, there is a technology called HTTPS which is used to establish a secure connection between you on your browser and the website you are visiting. As of early 2017, Google Chrome version 56 (and any subsequent browsers) are flagging all non-HTTPS sites as “non-secure”. Initially, only pages that transmit passwords and credit card information, however, Google’s end-game is to mark all non-HTTPS connections as non-secure. This is quite a big deal!
What are HTTP and HTTPS?
Hyper Text Transfer Protocol (HTTP) is the protocol over which data is sent between a browser and a website. Hyper Text Transfer Protocol Secure (HTTPS) is the secure version of HTTP, ensuring that communications between a browser and website are encrypted. HTTPS is commonly used to protect very confidential online transactions that require passwords or credit cards.
HTTPS Acceptance and Adoption
Over the last few years, Google has been recommending HTTPS pickup with several incentives. These motivators include giving HTTPS websites a boost in ranking on Google and prioritising of HTTPS web pages. This indexing will try and show users HTTPS versions of websites by default in its search engine, whereas other search engines don’t currently work that way.
Website owners have until January 1st, 2017 (apparently) to follow through on HTTPS for transmitting this sensitive data. On a later date, Google’s new “non-secure” site labelling will go into effect.
How Will This Affect You Directly?
So, if your website is using a non-secure HTTP connection, Google will notify users to know that their personal data like logins, passwords and credit cards details are not being protected adequately.
Currently, most Chrome users do not recognise the lack of a “Secure” icon on HTTP sites as a warning. Instead, they have a tendency to ignore it, which is exactly why Google have started highlighting non-secure websites In an explicit manner.
Also, any time you go to log into the back end of your website to make changes, you will receive a non-secure message. After the third or fourth time, seeing a “Your Connection is not Secure” message will become quite annoying. Eventually, the penny will drop. Well, that is the thinking behind it.
So What Can You Do?
HTTPS confirms that the communications between a user’s browser and a website are encrypted using either a TSL or SSL certificate. If you notice that your website’s URL is HTTP and not HTTPS, you will need to obtain a trusted digital certificate for your site.
Want new articles before they get published?
Subscribe to our Awesome Newsletter.