Google has announced they want to make navigating the Internet safer. Read on.
Google Chrome SSL Requirements
Beginning in January 2017, those of you who are Chrome users will be notified that some HTTP sites are “not secure.” At this time, when connecting via the Chrome browser there is a “neutral indicator” for HTTP links.
According to Google Security Blog “This doesn’t reflect the true lack of security for HTTP connections. When you load a website over HTTP, someone else on the network can look at or modify the site before it gets to you.”
Check out this video: Mythbusting HTTPS
Take time to watch this. It's about 32 mintues and it's REAL good.
Internet connections that handle sensitive information such as, passwords or credit card forms and are labeled as HTTP only can be at risk. They will be marked as non-secure.
This is not to say you will be blocked from using those sites, but now you will be notified that the connection you have made is not encrypted. Having a site that is encrypted is a REAL good thing. That way no pesky hacker can see anything therefore keeping your online properties safe.
Did you know that on an HTTP site, everything is wide open to the WWW?
Having HTTPS will stop hackers in their tracks. Yes!
To be honest, at first I poo pooed this whole thing but it all makes total sense even for sites like my personal ones that have no log in page, e-commerce, etc. I hear that ultimately Chrome will treat all sites that don't comply, un-trusted therefore presenting us with a page full of errors.
Know what that means? No one will even be able to use our sites. That is not good.
What should you be looking for?
Sites that handle sensitive information and are more secure will be labeled as HTTPS. If you use WordPress.com, you are set. We are not familiar with the plans going forward for sites like Square Space.
If you are typing in passwords and/or credit card information you will want to make sure they are HTTPS encrypted. If they are not then Chrome will let you know.
**Note: Instead of typing in sensitive information we recommend using LastPass. This is the best way to keep out hackers.
Currently there are two ways you can tell if a page is using HTTPS:
- In the browser window there is a LOCK icon. This is usually at the bottom.
- The URL says “https://”
Many just overlook this. They plug in very important information and click send without even checking. Is that you? Well you're not alone.
It is noted that Chrome doesn't want users to be overly “blind to warnings that occur too frequently.” However, the plan is to be more clear about labeling HTTP sites with more precision as non-secure.
What is Chrome really planning to change?
“Beginning in January 2017 (Chrome 56), we’ll mark HTTP pages that collect passwords or credit cards as non-secure, as part of a long-term plan to mark all HTTP sites as non-secure.” Google
This will be a gradual process. But a very important one so pay attention.
First: Chrome 56 will label HTTP pages as not secure where passwords and banking information is needed due to very personal information.
Next: Extended HTTP warnings will continue about not being secure while in Incognito mode.
Lastly: Chrome will, in the long run, tag all HTTP connections with a red triangle as non-secure pages.
If you manage a connection that requires moving to HTTPS, don't wait. Make sure you are secure and ready for sensitive information before it gets tagged by Chrome.
*As of right now, we have not heard that other browsers are making this mandatory but let's just assume down the road they will. Better to be safe than sorry.
It is important to know – moving to a HTTPS connection will not quite affect ranking but Google will give preference to sites with HTTPS over ones still at http from what we hear. There are quite a few steps you'll need to take to complete the process so be sure to do your research before starting.
You'll need to get in touch with your host and have them install the Let's Encrypt SSL certificate. Oh and you don't need to be on a dedicated IP and shouldn't have to pay to get SSL capability.
Cloudflare is another option and it's my understanding that they offer free SSL to their customers.
If you prefer that one of our top security experts handle the move from http to https for your WordPress website, sign up here and we'll take it from there.