Does your website collect sensitive website visitor information such as credit card, passwords, or personal information? By the end of January 2017, Google Chrome will begin marking sites without HTTPS as non-secure.
The reason for this: Google will release their Chrome browser version 56, according to Google Security Blog. It will include a new warning for login sites that are not using HTTPS, also known as SSL. Chrome 56 will mark HTTP login pages as “not secure” in a window next to the address bar.
The HTTP protocol is not secure for login pages as it may allow attackers to intercept your passwords and data as they transit across the network.
Chrome browser will now require HTTPS for sites that collect sensitive information. If your site is still HTTP, protect your visitors and your site with an SSL certificate and migrate to HTTPS.
Whenever you are typing in passwords and/or credit card information, you will want to make sure this information is encrypted. Chrome 56 will let you know if they are not.
In following releases, Google will continue to extend HTTP warnings, for example, by labelling HTTP pages as “not secure” in Incognito mode, where users may have higher expectations of privacy. Eventually, Google plans to label all HTTP pages as non-secure, and change the HTTP security indicator to the red triangle that we use for broken HTTPS.
HTTPS (HyperText Transfer Protocol Secure) is a protocol for transferring encrypted information between clients (e.g., web browsers) and websites. HTTPS requires the use of a digital certificate to encrypt the connection.
To implement HTTPS, you need to install an SSL Certificate (Secure Socket Layer) at your website.
HTTP (HyperText Transfer Protocol) is also a protocol, but it will transfer data in clear text. With HTTP, it is possible for unauthorized parties to intercept and read this information.
First, you need to get a digital certificate from a CA (Certificate Authority).
That is usually costly and properly configuring them with the correctly filled-in ‘CSR’ (Certificate Signed Request) in order that the website works properly with the new HTTPS URL has been difficult, time-consuming (think HOURS, not minutes) and prone to problems.
The SSL game has changed forever. Let’s Encrypt is a free, automated, and open Certificate Authority. Because Google, Automattic (owner of WordPress), Cisco, HP, Mozilla and a several other major tech companies have jointly sponsored a new FREE SSL initiative:
You will need to get in touch with your hosting provider and have them install the Let’s Encrypt SSL certificate.
I hosted my BuzzAndTips website at WPX Hosting. WPX have created their own software to fully automate adding Let’s Encrypt free SSL certificates (even in BULK) to any or all of your websites hosted with them – all with just a few mouse clicks (see demo video below).
And their automated SSL installation takes less than 60 seconds including the necessary 301 redirects from your non-SSL URLs to the new HTTPS one!
Video provided by WPX Hosting
Once your site is running HTTPS / SSL, you need to inform Google about it.
From the View settings, change the protocol from HTTP to HTTPS:
From the Property settings, change the protocol from HTTP to HTTPS:
In Google Search Console, you need to take the following three actions:
For instructions on how to perform the above steps, please visit:
If you use a CDN (Content Delivery Network) such as MaxCDN, Cloudflare et al., you must configure it to serve HTTPS. If you are not comfortable with this, please contact your CDN provider.
In my case, I do use MaxCDN and I had WPX Hosting to configure it for me.
Is your website using HTTPS?
Google is moving to a more secure web and wants to help users browse the web safely. Their Chrome browser will continue to extend HTTP warnings by labelling HTTP pages as “non secure”. If you run a website that accepts sensitive user data, I suggest you move to HTTPS / SSL as soon as you can.
Here is a quick recap about the benefits of adding HTTPS / SSL to your website:
Steve Williams is a blogger, consultant, and entrepreneur. He helps people thriving with digital marketing and blogging.