Unsecure website browser SSL missing

In July Google Chrome will mark all HTTP sites as 'not secure', according to the Chrome security team. Chrome currently displays a neutral information icon, but starting with version 68, the browser will warn users with an extra notification in the address bar. Chrome currently marks HTTPS-encrypted sites with a green lock icon and 'Secure' sign.

Google has been nudging users away from unencrypted sites for years, but this is the most forceful nudge yet. Google search began down-ranking unencrypted sites in 2015, and the following year, the Chrome team instituted a similar warning for unencrypted password fields.

The Chrome team said it was mostly brought on by increased HTTPS adoption. Eighty-one of the top 100 sites on the web default to HTTPS, and a strong majority of Chrome traffic is already encrypted. 'Based on the awesome rate that sites have been migrating to HTTPS and the strong trajectory through this year'.

HTTPS encryption protects the channel between your browser and the website you're visiting, ensuring no one in the middle can tamper with the traffic or spy on what you're doing. Without that encryption, someone with access to your router or ISP could intercept information sent to websites or inject malware into otherwise legitimate pages. (See our what is SSL blog post).

What does this mean for companies with websites without SSL certificates?

Well they are not really going to 'fall off the end of the earth' - The website will not overnight just become "unsecure". Much of the security of the website physically depends on the server, the server's software, the firewall and of course the actual code/design of the website and database connections. An SSL certificate is just another piece of a large puzzle, but for "Joe Average" seeing a 'Unsecure Website' message in the browser header could be detrimental, so we would advise any client who has a website, particularly a website which stores customers data, or has a form on it to have an SSL security certificate installed. In addition, there can be some SEO benefits to having one installed.

Costs: SSL fees have reduced considerably over the last few years. Here at DigitalFlare our basic SSL certificate costs from £50 per year. You can purchase them cheaper, but our fee includes the setup of the certificate, the adjustments we need to make to any existing website - ie: the base URL, adjustments to a HT Access file to setup 301 redirects from the old URL (http:// to the new URL https://) as well as setting up email SSL security. In addition, we will also edit any sitemaps and resubmit your website to Google. Serving both http:// and https:// versions of the website is not recommended as you can be penalised for duplicate content.

To enquire about an SSL certificate for your existing website please drop us an email.