Chrome will soon mark all unencrypted pages as ‘not secure’

Blog Image
Google / 20 February 2018
How secure is your website? That’s a question that will soon be on the lips of all Chrome users, as Google has announced that in just a few months, it will be marking all unencrypted sites as “not secure”. That means that every site which uses HTTP rather than HTTPS will carry a worrying “not secure” warning at the side of the address bar, alerting users to potential risks.


What is HTTPS?

This update is a feature of Chrome 68, due to be released in July 2018. It shouldn’t come as too much of a surprise, as for years Google has been using various methods to encourage the switch to HTTPS. HTTPS, a system which prevents third parties from accessing data from websites, is not a Google initiative, but it has been heavily pushed by the search engine giant. The protocol adds an extra dimension of security to HTTP by using an SSL certificate (Secure Sockets Layer). This ensures that the connection between browser and server is encrypted, and therefore secure.

The security promised by HTTPS is particularly important for e-commerce sites, or any site that involves users entering personal login information. Since 2016, websites which still use HTTP for e-commerce have been flagged as insecure. Later, this was rolled out to include all websites including data entry forms, and the forthcoming update will affect all unencrypted websites, regardless of content.

Google has also been incentivising making the change by punishing websites which use unencrypted HTTP: these sites receive lower rankings than their encrypted counterparts in search results. The campaign has been successful: over 68% of Chrome traffic across all operating systems is protected by HTTPS, and 81 of the top 100 websites use HTTPS by default.

Making the Switch

So if you’ve already made the switch to HTTPS, then pat yourself on the back and relax. If you haven’t, looking at the days counting down towards the looming Chrome deadline, you might be starting to panic. But changing from HTTP to HTTPS isn’t as daunting a proposition as it used to be. As part of its security drive, Google has provided users with some helpful tools. Your first step should be the open source Lighthouse, which now contains a special audit feature. This can tell you which of your resources are still using HTTP to load, so you can focus on specific problems with your site.
To make the switch, you will need to purcase an SSL certificate and dedicated IP address. After installing the certificate, you will have to update all the code libraries that your site uses (Ajax, JavaScript, third-party plugins, etc), redirect any external links to HTTPS instead of HTTP, and update htaccess applications.

Updating the links will require a careful memory and eye for detail, as you will have to update all the links that you control to make sure users land on the HTTPS version of your site. Check landing pages, paid search links, marketing emails, and social media adverts – they must all be updated to HTTPS.

Making the move is obviously easier if you control a smaller website. A larger site may need to dedicate quite some time and resources to switching to HTTPS, and anyone with limited technical abilities will be better off asking for help from an experienced webmaster – this is not the kind of thing that you can teach yourself in an afternoon with a Youtube tutorial.

Time’s Running Out

As the Chrome deadline looms, changing from HTTP to HTTPS is something that you really can’t afford to put off any longer. Not only will this help you by making your website more secure, it will also reassure users – nothing puts people off like a bright red ‘NOT SECURE’ notice next to your URL! Research from GlobalSign has shown that, when faced with a website without HTTPS in place, over 80 percent of customers would abandon a purchase.

Of course, it’s important to keep in mind that HTTPS is not a magic bullet. Hackers and phishers can still target your website, but encryption will help increase your online security a lot. With Google’s latest news, only a fool would cling to HTTP. The clock is ticking – are you on HTTPS yet?

Request free Audit Request a quote