Chrome Cracks Down Harder on Insecure Websites in October 2017

One of my clients got an email from Google this week with a warning about his insecure website (a site which does not have an SSL certificate so the URL begins with HTTP instead of HTTPS). Chrome is taking things to the next level (a welcome change as far as I’m concerned) with its drive to push all the web to HTTPS.

In October 2017, Chrome will begin showing a “Not Secure” warning whenever a user enters text in a form on an HTTP page, and for all HTTP pages when browsing in incognito mode.

So picture that, those of you who’ve delayed securing your business website… someone comes to your site and wants to contact you with some questions. They go to your contact form, start typing – and they suddenly see Not Secure appear in the address bar, something like this:

HTTP Search

Even if they’re not buying something from you, that’s enough to make some users think twice, or it should be.

And if you’re still offering items for purchase on an insecure site, you’re putting your users at great risk (as well as yourself and anyone who works in the backend of your site) and this should help dissuade users from buying from your site.

Please, get an SSL certficate. Even from a host that greatly overcharges you, you can usually get by for $50/year or less, and some of the better hosts now offer free Let’s Encrypt SSL certificates.

Once you have it installed, it’s a matter of an hour or two of work on many smaller sites to get it correctly switched over to HTTPS (though it can be very time-consuming on larger sites) – it must be done with care to avoid search engine ranking and indexing issues. But it’s an effort that you really must make. Google will only get harder on sites that stay with HTTP, and those site owners are putting all who use their website at risk.

Eventually this is what Google plans to do to HTTP websites in the address bar, and you don’t want your customers to see this, do you?

Chrome treatment of HTTP