Google to mark all non-encrypted websites as ‘NOT SECURE’ from July 2018

From July 2018, websites running on http (rather than https) will show a ‘NOT SECURE’ warning in Google Chrome (version 68) to all visitors. This new warning is part of Google’s long term plan to encrypt every website on the Internet.

Why is Google doing this?

Google is an advocate for a secure, encrypted Internet. The benefits of which are: increased security, better anonymity to protect user’s privacy, as well as enabling the use of newer technology to make browsing the internet faster.

Without SSL (https://) any information sent between your web browser and the internet is in plain-text, meaning that anybody on the same network could potentially steal usernames, passwords, login sessions or private details. This makes SSL especially important for public-hotspots where you don’t know who else is on the Wi-Fi network.

Over the last few years Google, as well as other players such as Mozilla (Firefox) and Apple have been incrementally making improvements targeted toward SSL-enabled websites as well as adding restrictions to non-SSL websites. Login pages were the first to receive NOT SECURE warnings and more recently contact forms as well as newsletter subscription forms.

Why now?

Recent technology has significantly reduced the cost of SSL Certificates. Just a few years ago these cost over $150 per year, but now these are so cheap that we offer them for free to our hosting customers. This has meant that the Internet has slowly been moving to SSL, but Google wants to speed it up. Currently between 60-80% of internet traffic (through Google Chrome) uses SSL (https://).

Am I affected?

The simplest way to check your website is to open it in the Google Chrome web browser. If you see a green padlock and the text “Secure” to the left of your website URL, your website will not be affected, otherwise it will.

What can be done to fix this?

Web Bird Digital already offer free SSL certificates to all of our hosting clients, however your website need to be configured to make use of these by running on https:// (rather than http://). Web Bird Digital offer two solutions to this.

Secure your website by:

  1. Requesting a migration to HTTPS for a one-off payment of $75 (plus GST), OR
  2. Signing up for our Website Maintenance Program for just $30 per month (plus GST) for a FREE HTTPS migration.

Our Website Maintenance Program ensures your website’s software is up-to-date and secure. We’ll also check to ensure that your website is optimised to load quickly and fix any bugs as your website gets a bit older. Your website will always be working it’s hardest for your business. We may also recommend or make tweaks to keep your website looking current as trends change. Click here to find out more.

Click here to request a HTTPS migration

Can I fix this myself?

Yes, but it’s a tedious and potentially risky process so we recommend that this one is left to the professionals. To migrate a website to SSL involves the following: A global database update of the site URL, Update of any static references in Themes and Plugins, Correction of any errors that result from the migration, Redirection of http pages to https.

Want to read more?

Google Blog – A secure web is here to stay
TechCrunch – Chrome will soon mark all unencrypted pages as ‘not secure’
The Verge – Chrome will mark all HTTP sites as ‘not secure’ starting in July
Akamai – Make way for HTTPS
Cloudflare – HTTPS or bust: Chrome’s plan to label sites as “Not Secure”

Click here to request a HTTPS migration