Starting in July, Google Chrome will start flagging all sites that are still using HTTP (instead of the more secure HTTPS) as “Not Secure,” right in the browser next to your web address.
It’s the boldest of their steady push to get the whole internet on HTTPS to increase security for users. First they only marked pages with credit card information and other forms. Then last fall they started marking all HTTP sites as “Not Secure” only when viewed in Incognito mode. In July, everybody who visits your HTTP site from Chrome (which is far and away the most popular browser) will see that it’s insecure.
That’s not good for business, obviously.
What is HTTPS?
In a nutshell, when using HTTPS, the data sent between the user and the website server is all encrypted, using an SSL or TLS certificate. This ensures that information sent in either direction can’t be intercepted, and it ensures that users are actually on the site they think they’re on.
How do I know if my website is secure?
If your web address starts with HTTPS, and everything is configured properly, you’ll see a green padlock and the word “Secure” next to the address bar in Chrome:
If it uses plain HTTP, Chrome currently just shows this:
But in Chrome Incognito it shows this, which is how it’ll be treated in regular Chrome starting in July:
Which means HTTPS is mandatory, regardless of whether you consider your data in need of encryption. Users largely will not know what triggers the warning, and some will probably assume they are downloading viruses just by visiting your site.
Also, Google gives sites with an SSL certificate a boost in search engine rankings. So there’s that too.
OK, OK, so how do I get Secure?
An SSL/TLS certificate can be added to your site through your hosting account. Some hosts have fairly simple tools that help automate the process, whereas others are a bit more involved.
Here is a handy tutorial on getting an SSL Certificate for your website:
If you have questions about it, drop me a line.