The 11th hour is now. We are less then a month away from Chrome Browser’s version 68 release. If your website hasn’t been updated to HTTPS/SSL, NOW is the time to make the change.
Enclosed here are two screenshot previews of what the Chrome URL bar will look like in version 68 for both HTTPS secure and not secure websites. Take note that the security lock is no longer green and the new “Not secure” message is next to the circled “i” icon.
The following is the original article.
As we described in an earlier post, Google has progressively leaned on website owners to move from HTTP to HTTPS. First they gave HTTPS-enabled websites a rank boost in Google Search results. Then, the Chrome browser began displaying a “Not Secure” message on HTTP login pages and others with sensitive information. Now, beginning July 24, 2018 with Google Chrome release 68, Chrome browser users will start seeing a Not Secure message on all non-HTTPS pages.
In Google’s own words, this is how the Chrome browser will treat HTTP pages…
“Beginning in July 2018 with the release of Chrome 68, Chrome will mark all HTTP sites as Not secure.”
With the Chrome browser controlling >60% of the browser market, this will surely be detrimental to business websites not HTTPS-enabled. What customer would want to do business with a website that’s Not secure?
HTTP or HTTPS… What is this HTTPS Protocol?
HTTPS (AKA HTTPS/SSL) is one of the several layers of security that should be established on a website. Unlike the HTTP protocol, HTTPS provides an end-to-end encrypted connection between a website visitor’s browser and the website server. A plain HTTP connection is open to eavesdropping; something definitely not wanted when inputting a credit card for a purchase or when typing in your bank account credentials. Although HTTPS has been a prerequisite for credit card processing, many studies have revealed the majority of people regularly repurpose the same credentials used for online banking as they do for non-financial accounts. This behavior creates serious security hazards, which has prompted the ‘Guardians of the Internet’ (Google, Mozilla, Microsoft, etc…) to push for SSL connections as a way to achieve a more secure Internet. Read more about how HTTPS has become more than just a security feature.
HTTPS Everywhere! Important Points from Google’s Announcement
Google’s latest HTTPS-everywhere notice is short, but has some additional take-aways beyond the July deadline.
The Adoption of HTTPS has Hit Critical Mass
The implementation of HTTPS across the web continues to grow, but has yet to reach 80%.
- 68% of Chrome Traffic on both Android and Windows is protected with HTTPS
- 78% of Chrome Traffic on Chrome OS and Mac is protected
Secured Web Pages can be Achieved with the help of Google’s New Developers Tool, Lighthouse
Setting up HTTPS on a website server has become less expensive and, for many sites, has become easier to implement with the introduction of Let’s Encrypt – a service designed for the most-basic of websites. Even with all these advances, the final stage of setting up HTPPS requires mixed media to be remedied; and that can be time-consuming. Google now has a tool to help developers with correcting mixed media.
What is Mixed Media and Why Does it Need Fixing?
Mixed media is a situation where a webpage is HTTPS enabled, but images or links on the page are still being pulled from an HTTP address. Mixed media will prevent a green padlock from showing (and sometimes shows a broken padlock) because the page isn’t fully secured. The challenge is that correcting mixed media across an entire website can become time-consuming and monotonous for developers, and expensive for website owners.
Achieving a Green Lock with Lighthouse
In response to the tedium and time-cost of fixing mixed content Google has introduced a mixed content auditing feature in their Lighthouse developer tool. This Lighthouse feature will help developers identify which resources are loading HTTP. Learn more about Lighthouse by watching this video.
This is an introduction video to the Google Lighthouse developer tool.
Getting setup with HTTPS
If your website has yet to migrate to HTTPS now is the time to do it. Not only is your website vulnerable to eavesdropping and will be pushed down in Search rank, starting July 2018 web visitors will be notified that your site is NOT SECURE as they browse. Learn the ins-and-outs of HTTPS with our previous article. If your organization doesn’t have the expertise or resources to migrate from HTTP to HTTPS, give My Internet Scout a call. We’ve performed dozens of HTTPS migrations and we can help you out.
About My Internet Scout
Based in Wilmington, North Carolina, My Internet Scout, LLC is an Internet Marketing firm for small- and medium- size businesses. We specialize in WordPress website design, marketing and related services that include e-commerce, event registration, maintenance, content creation and search engine optimization (SEO). We service a variety of clients in North Carolina, Silicon Valley and places in-between.