Non HTTPS “Not Secure” Google Chrome Warnings.
Currently, there is a trend in the web world to make websites increasingly secure. And one way to do this is by implementing the HTTPS protocol. One of the great advocates of implementing this protocol is Google, which aims to make all sites have HTTPS soon.
The Mountain View giant has revealed that as of Version 62 of Chrome, expected to be released in October, the browser will adopt a new behavior in the display of the warning “Not Secure” for sites that do not present the HTTPS protocol. It is predictable that almost 50% of Irish Sites will receive this warning.
For some time now Chrome has been showing the “Not Secure” warning on HTTP pages that contain fields for typing critical data, such as passwords and credit card numbers. But with the update in progress, any information that the user has to enter like an email address on a contact form will be treated as sensitive. The alert, therefore, will appear more often, especially in anonymous tabs: in them, the message will appear even if the user does not type anything.
Will my website be affected?
Here are some questions that will help you get an answer to that:
1- Does your website have any text fields to fill? (Contact forms, search fields, access to reserved areas of the website, etc.)
2- Does your website use HTTP access:// in the browser address bar by default?
If you answered yes to both questions, then your website will be one of those affected by what we mentioned above, and you should implement an SSL certificate to avoid the ‘NOT SECURE’ website warning.
When we talk about security in the connection, we are talking about HTTP and HTTPS.
When you access a page with HTTPS, you are in front of a site that has SSL/TLS certificate. This feature essentially validates the site’s identity and encrypts the information the user receives or sends to the address. In practice, visitors are more protected. That’s why Google strongly advocates adopting the feature.
For some time now Chrome has been showing the “Not Secure” warning on HTTP pages that contain fields for critical typing data, such as passwords and credit card numbers.
In Chrome, protected sites display a lock followed by the word “Secure” at the beginning of the address bar.
Pages that use only HTTP, in turn, are identified with an ‘i’ within a circle. By clicking on it, you will see a warning that the page is not secure. The danger is that sending any unencrypted data can be spied on. Hackers can intercept data by compromising Internet routers, spying on public Wi-Fi networks, or through man-in-the-middle attacks involving the embodiment of legitimate web services.
Major sites, such as Google, Twitter, and Facebook, have already moved to HTTPS, a more secure protocol that encrypts the Internet connection.
But while HTTPS has become dominant across the Web, not all sites have embraced it. That’s why Google is using its Chrome browser to alert users to unsafe HTTP pages.
With the update in progress, any information that the user has to enter will be treated as sensitive.
How does HTTPS absence affect your website?
While restrictions were a matter of influence on SEO or AdWords campaigns, for most sites the impact was small. But now it will directly target the insecurity generated by its users. After all, we know that the vast majority of Internet users do not read the warning messages completely and when faced with any further warning that says the name security, their first reaction will probably be to leave your site.
Are you going to risk losing a sale because your website has generated a certain “insecurity”?
Ensure the security of your website.
The good news is that depending on the complexity of the site, solving this is very easy and also getting cheaper. Installing an SSL certificate is simple, and most hosting management panels already have quick, easy step by step instructions to do it in a few minutes. Regarding the purchase of the certificate itself, there are several options, but the most simple and valid for most cases costs less than 5 euros.
After you have purchased the certificate and installed it on the server, be sure to set up your site correctly so that all accesses made in HTTP are routed to the same HTTPS address. Google does not treat an HTTP page that became HTTPS as the same address, so the previous link (with http:// at the beginning) should be configured to automatically point to the new link (with https://). This way you will ensure that your customers always surf the secure site and also prevents any search engine crawling problems.
In addition to the benefits of providing more security for the user, despite being of little expression when compared with other elements, using HTTPS protocol also contributes and is used as a ranking factor in Google.
Having this in mind and with the significant increase in the risk of your website being considered ‘NOT SAFE’ transmitting insecurity to its visitors, we believe that the time has come for agencies, private individuals, and internet service providers to take the necessary step towards a safer internet by changing to the HTTPS protocol.