Has your WordPress website made the switch to HTTPS? If not, you may be in for a shock as Google begins phase two of its plan to mark all HTTP pages as ‘not secure’.
This means that if you have any forms, login fields and other input sections on your website, your visitors will be notified on Chrome 62 that they not secure.
What is HTTPS?
HTTPS, the secure version of HTTP, offers better protection against someone on the same network. It’s an encryption method that secures the connection between your browser and your server, making it harder for third parties to intercept data passed between the two systems. Without HTTPS, any data passed between the browser and server is insecure and easily deciphered by hackers and fraudsters.
It is particularly important for ecommerce sites that accept online card payments or for sites where you collect personal information using form submissions. For those who have yet to move to HTTPS, Google’s plan to mark all HTTP websites are insecure should provide the motivation to upgrade.
When will Google roll this out?
Back in January, Google started to label some pages in HTTP as non-secure with the release of Chrome 56. This phase affected website pages that transmit sensitive information such as login and payment-card data on the web.
This is part of Google’s long-term plan to mark all HTTP sites as non-secure. The warning will become more prominent as time goes on to let users know that data is being exchanged on an unencrypted connection.
From the beginning of October 2017, Google will start to mark pages as not secure in Chrome 62. This will happen when users enter data on an HTTP page, and on all HTTP pages visited in Incognito mode.
“Eventually, we plan to label all HTTP pages as non-secure, and change the HTTP security indicator to the red triangle that we use for broken HTTPS,” Chrome Security Team said.
Is your website affected?
To find out whether your website is affected, ask yourself these questions:
- Does your site require any text input through contact forms, search bars, login panels, etc.
- Is your website using HTTP:// in the address bar?
If the answer is “yes” to both questions, you’ll need to implement SSL to avoid showing a ‘not secure’ warning in browsers.
What can I do to avoid the warning?
Google urges website owners to fix the problem by implementing SSL certificates to migrate to HTTPS.
The internet would be a safer place if all traffic was encrypted and so Google is piling on the pressure for companies to encrypt their websites with the HTTPS protocol. The expanded warnings for HTTP pages are likely to add pressure for site owners to acquire the necessary SSL/TLS certificates and setup HTTPS on their web servers.
Aside from keeping your visitors data secure and preventing the warning from showing, Google has also started using HTTPS as a ranking signal which means your website will rank better if it uses the protocol. Therefore, you will find your site penalised if it refuses to comply.
To avoid compromising your customers’ data and having the ‘not secure’ warning displayed, you should migrate to HTTPS as soon as possible. Contact WP Tech Support to make the change to HTTPS today!