Google is about to mark your website as insecure
If you still aren't using HTTPS then Google is about to mark your website as insecure and scare away your visitors.
Update: Version 68 of the Chrome browser was released on July 24th 2018 and now identifies non-HTTPS websites as insecure! Contact us if you need any help getting your website off the "insecure" list.
You know that feeling you get when you walk into a street with prominent warning signs?
Signs that let you know you’ve just crossed over into a high crime area...
“Beware of pickpockets” warns one. Another tells you that “We aren’t responsible” for what happens you in the area. Some might even warn you to “Shop here at your own risk”.
You know that feeling ? It’s not pleasant, is it?
What if every one of your website visitors got that same uncomfortable feeling when they visit your website?
If your website isn't using HTTPS by the next release of the Chrome browser, they will ...
We've been forewarned
In April of 2017 Google mentioned - announced is too strong a word for it - that they’d start marking sites as insecure. But only in certain situations. For example, if you needed to enter a password or other data in a form that wasn’t protected with HTTPS, Chrome displayed a little warning in the address bar.
In February of this year they stepped it up a notch: later in the year Chrome would mark all sites using HTTP as insecure.
That time is nigh
So, that time has come. Or at least it’s very soon.
The change will come in Chrome version 68 due for release around 23rd July.
Why mark your website as insecure?
You know me, I love definitions ...
Encryption is the process of encoding information so that only authorised parties can access it. Those who are not authorised cannot.
HTTPS encrypts the data between a browser and a website.
Protecting the connection between your browser and the website you’re visiting with encryption is a good thing. It means no one in the middle can tamper with the traffic or spy on what you’re doing.
Without this encryption, someone could intercept information sent to websites. From there they could inject malware into that information or use it for their own gain.
Websites using HTTP are without this encryption.
HTTPS does not mean a website is secure. It means the connection to that website is encrypted, nothing more.
There's a misconception that HTTPS means a site is safe. It doesn't. A site using HTTPS can still infect you with malware. Google will not necessarily mark your website as insecure because of that.
Follow the sheep
If you STILL aren’t convinced of the need for better basic online security, then why not follow the crowd:
- Over 68% of Chrome traffic on Android and Windows is over HTTPS
- Over 78% of Chrome traffic on both Chrome OS and Mac over HTTPS
- 81 of the top 100 sites on the web now use HTTPS
Of course, that still means 20-30% of traffic is NOT yet encrypted. (Now out of date, this Google page shows that as of October 2017, traffic to many major sites was still not encrypted. )
By the end of this month that figure will be much less.
There has been a high adoption of SSL
But the adoption rate has been very strong, especially over the past year or two. That may denote either
- Google’s power: Chrome has been the most popular browser since March 2012 and now commands around 60% of the browser market
- or that people are becoming more aware and more serious about online security.
Let’s say it’s a bit of both ...
Your customers already care about security
Research by Ipsos found that 87% of internet users will not complete a transaction if they see a browser warning.
More than half (58%) said they would go to a competitor's website to complete their purchase.
I'm guessing you don't want them to see that you let Google mark your website as insecure.
Download our security checklist & be among the top 1% of secure WordPress websites
Download our complete security checklist and subscribe to our mailing list
Conclusion - Hop To It
Along with the recent GDPR laws to protect personal data, this is a step in the right direction. And it’s about time. It’s likely other browsers will soon follow suit until HTTPS becomes the new norm.
HTTPS has also become much easier and most often free through automated services like Let’s Encrypt.
Check if your host offers a free SSL cert; the best ones do. If yours doesn’t at this stage, consider moving. It’s almost always less painful and disruptive than you think.
If you need help installing an SSL certificate on your website:
- Google has its own Lighthouse tool, which helps in migrating a website to HTTPS, although it is pretty technical
- You can give us a shout and we’ll do it all for you.
Otherwise, come the end of July, you'll have allowed Google to mark your website as insecure, even if it isn't.