Does your website collect sensitive website visitor information such as credit card, passwords, or personal information? By the end of January 2017, Google Chrome will begin marking sites without HTTPS as non-secure.
The reason for this: Google will release their Chrome browser version 56, according to Google Security Blog. It will include a new warning for login sites that are not using HTTPS, also known as SSL. Chrome 56 will mark HTTP login pages as “not secure” in a window next to the address bar.
The HTTP protocol is not secure for login pages as it may allow attackers to intercept your passwords and data as they transit across the network.
Chrome browser will now require HTTPS for sites that collect sensitive information. If your site is still HTTP, protect your visitors and your site with an SSL certificate and migrate to HTTPS.
Whenever you are typing in passwords and/or credit card information, you will want to make sure this information is encrypted. Chrome 56 will let you know if they are not.
In following releases, Google will continue to extend HTTP warnings, for example, by labelling HTTP pages as “not secure” in Incognito mode, where users may have higher expectations of privacy. Eventually, Google plans to label all HTTP pages as non-secure, and change the HTTP security indicator to the red triangle that we use for broken HTTPS.
What is SSL and HTTPS?
HTTPS (HyperText Transfer Protocol Secure) is a protocol for transferring encrypted information between clients (e.g., web browsers) and websites. HTTPS requires the use of a digital certificate to encrypt the connection.
To implement HTTPS, you need to install an SSL Certificate (Secure Socket Layer) at your website.
HTTP (HyperText Transfer Protocol) is also a protocol, but it will transfer data in clear text. With HTTP, it is possible for unauthorized parties to intercept and read this information.
How Can You Add SSL / HTTPS to Your Website?
First, you need to get a digital certificate from a CA (Certificate Authority).
That is usually costly and properly configuring them with the correctly filled-in ‘CSR’ (Certificate Signed Request) in order that the website works properly with the new HTTPS URL has been difficult, time-consuming (think HOURS, not minutes) and prone to problems.
Enter Let’s Encrypt Free Certificates
The SSL game has changed forever. Let’s Encrypt is a free, automated, and open Certificate Authority. Because Google, Automattic (owner of WordPress), Cisco, HP, Mozilla and a several other major tech companies have jointly sponsored a new FREE SSL initiative:
You will need to get in touch with your hosting provider and have them install the Let’s Encrypt SSL certificate.
How I Added SSL / HTTPS To My Website?
I hosted my BuzzAndTips website at WPX Hosting. WPX have created their own software to fully automate adding Let’s Encrypt free SSL certificates (even in BULK) to any or all of your websites hosted with them – all with just a few mouse clicks (see demo video below).
And their automated SSL installation takes less than 60 seconds including the necessary 301 redirects from your non-SSL URLs to the new HTTPS one!
Video provided by WPX Hosting
What You Get With This Free WPX Hosting Feature
- Wasting HOURS on buying and successfully installing a single SSL is no longer necessary
- NEVER pay for another SSL certificate again
- You do NOT need to fill in any CSRs to enable SSLs
- And you do NOT ever need to manually renew your Lets Encrypt SSL certificates which expire every 3 months by default as they have fully AUTOMATED your SSL renewals.
Once your site is running HTTPS / SSL, you need to inform Google about it.
Adjust your Google Analytics settings for SSL in Webmaster tools
From the View settings, change the protocol from HTTP to HTTPS:
From the Property settings, change the protocol from HTTP to HTTPS:
Google Search Console Modifications
In Google Search Console, you need to take the following three actions:
- Create a new property for HTTPS e.g., https://yourdomain.com
- Submit your sitemap (with HTTPS)
- Fetch as Google your new HTTPS URL, e.g., https://yourdomain.com
For instructions on how to perform the above steps, please visit:
Configure your CDN for HTTPS
In my case, I do use MaxCDN and I had WPX Hosting to configure it for me.
To Sum Up
Is your website using HTTPS?
Google is moving to a more secure web and wants to help users browse the web safely. Their Chrome browser will continue to extend HTTP warnings by labelling HTTP pages as “non secure”. If you run a website that accepts sensitive user data, I suggest you move to HTTPS / SSL as soon as you can.
Here is a quick recap about the benefits of adding HTTPS / SSL to your website:
- Secure connections are established between visitors and your website
- Potential customers will better perceive the trust level of your site
- Your site will become eCommerce ready
- Your Member’s area is protected
- Your website gets a Ranking boost – SEO
- Encrypted Websites Protect Our Privacy and are Significantly Faster
Also, make sure that you use strong passwords. You can generate them with a tool like Dashlane.
- The Benefits of Open Source CMS Software
- 7 Ways to Make Your WordPress More Secure
- How to Speed Up Your WordPress Dashboard