Pretty soon that's the message visitors to your website will see in the Chrome web browser. But only if you're not using an SSL certificate yet.
UPDATE: This post is now outdated. As of July 2018 Google Chrome indicates whether a site has HTTPS installed or not. See this more recent post for details.
If you own a website you have probably heard of the need to install an SSL certificate. An SSL certificate means your website address will begin with https:// rather than http://
Back in April of this year, Google made a seemingly casual announcement about a new feature coming in their Chrome browser in October. If your site doesn't use HTTPS then Chrome will display a "Not Secure" sign in the browser's address bar.
Read on to learn why should you care about this ...
Why are Google Doing This?
Google have long been advocates for a more secure web. Central to that is providing greater visibility on a website's security. In practice this means making a lack of security more visible.
Since 2014, Google have been including SSL certificates as a ranking factor. This means if your site uses HTTPS you will rank better than if it used HTTP. Aside from the obvious advantage to a (slight) boost in search results, what you should really care about is the human factor - how this affects your website visitors.
Why The Not Secure Warning Is Bad For Your Site
Now, to be honest, many visitors won't notice the warning at first. But many will.
Many of those who do notice may not care. But many will.
And many of those who do care will leave your site right away. Seeing your site marked as "Not Secure" does not make for a good user experience.
If you're trying to get your visitors to "know, like and trust" your business, this isn't a great start to the trust part.
“All things being equal, people do business with, and refer business to people they know, like and trust.” -- Bob Burg, Endless Referrals
Whether you agree with Google's decision to scare visitors away if you don't follow their wishes or not, you really don't have a choice. Google do have the influence and power to change how people use the Web.
Why HTTPS Is Better
HTTP (Hypertext Transfer Protocol) is the protocol (set of technical rules) used by your web browser to communicate with a website. With this protocol, data exchanges between a website and a browser is unencrypted. This means it can be read once intercepted (quite easily as it turns out e.g. at your local coffee shop's Wifi). This includes any and all data passed - passwords, usernames, credit card details ...
HTTPS is the secure version of this HTTP protocl, the S standing for Secure. With HTTPS, all communication between a website and your computer is encrypted. Furthermore, it authenticates the website. That means you can be sure that this is the real website and not a fake one used in a man-in-the-middle attack.
It's becoming easier for anyone to become a website owner without technical know-how. Because of this, websites are becoming, in general, less secure. (If you're a website owner who can't put the basic security in place on your site then please at least consider hiring someone to do it for you.)
It's also becoming easier for hackers to exploit this trend. The availability of free, high-quality tools makes it easy for any wanna-be "hacker" to intercept that data. Even if they have limited technical ability.
Not to worry you too much, but that guy over in the corner of your local coffee shop could be one of them. He could be using the free Wireshark tool to capture every bit of information flowing from your laptop to the public WiFi network you're both using! Did you log into your email account just now? Your password is floating somewhere out there as you read this ...
This is not an ideal state of affairs! Having that data encrypted is a good first step in protecting yourself.
But what does it all mean in practice?
Why To Deal With It
As business owners with a website, we'd all like the Web to be a safer place to carry out our business, right? Using SSL will
Technicalities aside, there's one aspect of this that has a more direct effect on our visitors: their negative perception. It's pretty simple: a visitor seeing a "Not Secure" warning will find it hard to trust you and your business.
We can debate the merits of Google having so much power that they can force something like this on us. At the end of the day it's really your site visitors that matter ...
How to deal with it
You have two options here. You can ignore it. Yes, that is an option. Not everyone uses Google's Chrome browser ...
Chrome accounts for around 51% of all broswers. (Source: averaged reports from Statcounter, NetMarketShare and Wikimedia)
So, that means half of internet users use a different browser like Safari, IE, Firefox, UC etc
If you don't care about the 50% of your visitors who use Chrome then feel free to keep using insecure connections to your website! You can skip the rest of this article.
Now, for the majority of smart business owners, of whom I hope you are one, should not ignore this. The only viable option for you is to install an SSL certificate on your website.
This used to be a technical job but nowadays most hosting companies make it a simple process. Often after taking payment from you, of course. A few clicks and you can have the SSL installed.
The Good News
But, there's even better news. The non-profit organisation Let's Encrypt offer free SSL certs to everyone!
More and more trustworthy hosting providers, such as Siteground, are offering these free SSL certs to customers. If you have that option then act now and follow their installation instructions. Check for your hosting company in this list.
If you don't have a free option, it is possible but time-consuming to do it yourself. To go that route here's a link to the Let's Encrypt documentation.
This is the plainly-stated recommendation from Let's Encrypt:
For most people it is better to request Let’s Encrypt support from your hosting provider, or switch providers if they do not plan to implement it.
Put it on your to do list for this week:
Of course, you can continue to use HTTP and thereby advertise your lack of trustworthiness to your website visitors.
As always, it's your choice!
Do you agree with Google's policy? Let me know what you think in the comments below.
Update September 12th 2017:
Sucuri just yesterday released a new complete guide to implementing SSL on your site. If you want to understand it all and do it yourself, their guide has everything you need. A warning though: it does get technical.