April 18, 2018

Yeah, now your site needs to use HTTPS

Chris Esh

Google Chrome will start flagging regular HTTP sites as "Not Secure" starting in July 2018. Which mean HTTPS is now mandatory, regardless of whether you consider your data in need of encryption.

pexels-photo-374857

Starting in July, Google Chrome will start flagging all sites that are still using HTTP (instead of the more secure HTTPS) as “Not Secure,” right in the browser next to your web address.

It’s the boldest of their steady push to get the whole internet on HTTPS to increase security for users. First they only marked pages with credit card information and other forms. Then last fall they started marking all HTTP sites as “Not Secure” only when viewed in Incognito mode. In July, everybody who visits your HTTP site from Chrome  (which is far and away the most popular browser) will see that it’s insecure.

That’s not good for business, obviously.

What is HTTPS?

In a nutshell, when using HTTPS, the data sent between the user and the website server is all encrypted, using an SSL or TLS certificate. This ensures that information sent in either direction can’t be intercepted, and it ensures that users are actually on the site they think they’re on.

How do I know if my website is secure?

If your web address starts with HTTPS, and everything is configured properly, you’ll see a green padlock and the word “Secure” next to the address bar in Chrome:

If it uses plain HTTP, Chrome currently just shows this:

But in Chrome Incognito it shows this, which is how it’ll be treated in regular Chrome starting in July:

Which means HTTPS is mandatory, regardless of whether you consider your data in need of encryption. Users largely will not know what triggers the warning, and some will probably assume they are downloading viruses just by visiting your site.

Also, Google gives sites with an SSL certificate a boost in search engine rankings. So there’s that too.

OK, OK, so how do I get Secure?

An SSL/TLS certificate can be added to your site through your hosting account. Some hosts have fairly simple tools that help automate the process, whereas others are a bit more involved.

Here is a handy tutorial on getting an SSL Certificate for your website:

How to Get a Free SSL Certificate (and Why Google is Forcing You To)

If you have questions about it, drop me a line.

IceCreamDoodle

Join our email list!

Tips and tricks to bring your marketing inline with your values, delivered to your inbox.

"*" indicates required fields

This field is for validation purposes and should be left unchanged.

Related Posts

A handy, no-nonsense guide to website accessibility

Defining your brand and target audience as a nonprofit organization

AI is changing everything. What does that mean for content marketing?

The challenge every nonprofit faces