At the beginning of this year, we published an article on HTTP pages now showing as “Not Secure” in Firefox and Chrome browsers. This was to announce the change in connection security warnings for any HTTP pages that have credit card or password fields on them. HTTP website owners shouldn’t take these warnings lightly.
So what is HTTP/S
HTTP is the protocol use by the World Wide Web. It forms the connection between the website and its visitors. The S on the end of HTTPS means ‘Secure’ and the connection between the website and its visitors are encrypted using an SSL certificate.
How a secure website currently looks.
How a non secure website currently looks.
How a non secure website will look as of October 2017.
There is now a new advancement in Google’s efforts to encourage people to make the switch to HTTPS. Google announced this statement a few months ago:
“Beginning in October 2017, Chrome will show the ‘Not secure’ warning in two additional situations: when users enter data on an HTTP page, and on all HTTP pages visited in Incognito mode.”
What this means for HTTP website owners
This means, if your website has a form on it or a search box, and your website is still using HTTP, your website will be shown as “Not Secure” to your website visitors.
Google has started emailing website owners via Google Search Console of certain pages on their websites that will be shown as “Not Secure” in Chrome 62 as of October 17.
If you don’t have your website setup in Google Search Console, you won’t receive any notifications about this.
Here is a copy of the email:
Google then goes on to say that eventually, all HTTP websites will be shown as “Not Secure” even if the user is browsing in Incognito mode.
Migrating to HTTPS
So, what’s the next step? You can fix this by migrating to HTTPS today. This is the only way to ensure your website will be shown as “Secure” to all users, across all browsers. We wouldn’t recommend putting this off any longer.
Firstly, you will need to purchase and install an SSL certificate. This can be done through your web hosting provider and in some cases can be provided free via the Let’s Encrypt project. Speak to your hosting provider about what options are available to you.
Secondly, a fairly delicate process is involved to successfully change the configuration of your website to solely use the HTTPS protocol. It is best to leave these changes to a professional, as there are many ways migrating to HTTPS can go wrong if done incorrectly.