It’s been a long time coming but Google has now put a date on when they will start marking HTTP websites as “Not Secure” in Chrome.
Read our post to find out what this means for your insecure website.
Google has been committed to making the internet a safer place for many years now.
They’ve long pushed secure connections for Gmail as well as websites that collect financial information.
Google started penalizing insecure websites in their search results in 2015.
In January, HTTP pages in incognito mode were marked as “Not Secure”.
Today, Google has announced that all HTTP pages will be marked as “Not Secure” in Chrome from July 2018.
What this means for insecure websites
Insecure websites will likely see a drop off in visitors. Readers are easily spooked and the presence of a “Not Secure” warning will scare off some (but not all) visitors.
If you have an insecure website, you need to start planning to implement HTTPS.
How to secure your website
Securing a website requires the implementation of a signed certificate issued by a trusted certificate authority. Don’t worry if that sounds confusing, it’s easy to set up anyway.
If you use a web designer to manage your website, call them and ask what to do next.
If you manage your own website, approach your hosting service to find out what your options are.
About Free Certificates
Free certificates are available from Comodo and Let’s Encrypt. They expire every 90 days so you’ll need an automated means of managing them.
We prefer Let’s Encrypt over Comodo. Let’s Encrypt is a free, open certificate authority launched by the non-profit Internet Security Research Group (ISRG). They caused an uproar when they first started because their free automated certificate issuance directly impacted the revenues of much larger Certificate Authorities (especially Comodo who launched a trademark violation lawsuit against Let’s Encrypt).
Let’s Encrypt has issued over 100 million certificates since they launched their free service in 2015. It would be safe to assume that Let’s Encrypt growth and success have positively contributed to Googles announcement today.
Is that it?
Almost. Once you have a certificate installed, you should setup a rule to redirect visitors from HTTP to HTTPS (known as a 301 redirect).
For security, you could also look at implementing HSTS (HTTP Strict Transport Security) however that’s a topic for another day.
How much will it cost?
It should cost you nothing. Free certificates have been available for years and most web hosts offer free certificate management services.
Note: If your website was created in the past year, it should have been delivered with HTTPS. Some argue that HTTPS is only necessary on websites with sensitive information, however, we’ve known for a number of years now that this change was coming.
If your web host service does not provide free, ongoing automated certificates, ask them to implement it.
If your host refuses to implement it, our advice is to find a new web host that does offer it (we recommend NetVirtue using the 50OFF coupon).
Please contact us via our Facebook page or call us directly on 02-8502-8954, we’re always happy to give out free advice. Alternatively, you can make a booking for us to manage it entirely on your behalf.