Web browsers will mark all HTTP sites as 'unsecure' starting in July
- From
- DigitalFlare News
According to the Chrome security team, Google Chrome will mark all HTTP sites as 'not secure' in July. Chrome currently displays a neutral information icon, but starting with version 68, the browser will warn users with an extra notification in the address bar. Chrome now marks HTTPS-encrypted sites with a green lock icon and a 'Secure' sign.
Google has been nudging users away from unencrypted sites for years, but this is the most forceful nudge yet. Google search began down-ranking unencrypted sites in 2015, and the following year, the Chrome team instituted a similar warning for unencrypted password fields.
The Chrome team said it was mainly brought on by increased HTTPS adoption. Eighty-one of the top 100 sites on the web default to HTTPS, and a substantial majority of Chrome traffic is already encrypted. 'Based on the awesome rate of sites migrating to HTTPS and the strong trajectory through this year'.
HTTPS encryption protects the channel between your browser and the website you're visiting, ensuring no one in the middle can tamper with the traffic or spy on what you're doing. Without that encryption, someone accessing your router or ISP could intercept information sent to websites or inject malware into otherwise legitimate pages. (See our What is SSL blog post).
What does this mean for companies with websites without SSL certificates?
Well, they are not going to 'fall off the end of the earth' - The website will not overnight just become "unsecured". Much of the security of the website physically depends on the server, the server's software, the firewall and, of course, the actual code/design of the website and database connections. An SSL certificate is just another piece of a giant puzzle, but for "Joe Average", seeing an 'Unsecure Website' message in the browser header could be detrimental, so we would advise any client who has a website, particularly a website which stores customers data or has a form on it to have an SSL security certificate installed. In addition, there can be some SEO benefits to having one installed.
Costs: SSL fees have been reduced considerably over the last few years. Here at DigitalFlare, our basic SSL certificate costs from £50 per year. You can purchase them cheaper, but our fee includes the setup of the certificate, the adjustments we need to make to any existing website - i.e., the base URL, adjustments to an HT Access file to format 301 redirects from the old URL (http:// to the new URL https://) as well as setting up email SSL security. In addition, we will also edit any sitemaps and resubmit your website to Google. Serving both http:// and https:// versions of the website is not recommended, as you can be penalised for duplicate content.