29 Broomfield Avenue, Leigh On Sea, Essex, SS9 4BL

Google Chrome to soon punish websites without SSL as “insecure”

Not Secure Header

Will your website scare away visitors?

This is big news; it’s VERY important to anyone that has a website, and the change is coming soon! If you’re thinking, “I don’t use Google Chrome, it doesn’t affect me” … you’d be mistaken.

It’s been reported by Wordfence that Non-HTTPS Sites will be labeled “Not Secure” by Chrome.

What does this mean?
It means that if you don’t have an extra layer of security in place (a SSL), when someone goes to your website they may well soon be greeted by a message telling them that the site is insecure.

The video above should’ve given you a better idea as to what SSL is.

So what’s the big deal?
So what if Google Chrome tells customers that the site is unsafe?

The problem is that it could cause confusion and surprise, which may lead to potential clients or customers quickly shutting down the page, thinking that they could get some form of infection from your website. Although not altogether true, seeing a big red message stating that something is insecure may well be enough for the average Joe to let their technological ignorance get the better of them. Reports suggest that 85% of Internet users are not overly tech savvy and a red message from the browser being used could be what loses a sale.

Don’t use Chrome? It doesn’t matter. A VERY large percentage of average users do use it as it’s become one of THE most stable browsers out there, next to Firefox and Safari. It’s actually been reported by zdnet.com in the past few weeks to be “the most popular browser of them all”.).

Chrome 56 is released at the end of the month, and with it a change in the way that domain names are displayed in browser navigation bars. Soon it will be stating in no uncertain terms that a website without a SSL (Secure Sockets Layer) is “Not secure”.

There’ll be various stages:

* * The first stating that any webpage that collects passwords OR payments is “Not secure”.
* The next takes place in quick succession and will label all non HTTPS pages in incognito mode as “Not secure”, mainly because people assume that in incognito mode there is more privacy/security. In fact, all it does is not record your browsing habits on your machine.
* Finally, Chrome will label all HTTP pages as “Not secure”.

Needless to say, due to people’s lack of understanding towards Internet security, this could lead to you losing business even though your site is actually fine; it just doesn’t have a SSL Certificate in place.

Previously, I’ve spoken to some of my clients about the importance of having a site with a SSL for search engine purposes. Last year Google made the change to their algorithm so that sites with a SSL and showing https:// before the domain name get preferential treatment in their results. This has not changed and is still relevant; although now it seems that the addition of a SSL is actually not only important from a search engine point of view but also from a security one too.

If you have an e-commerce website that accepts people’s details and payment, even via PayPal, this is a must. If you have a website that doesn’t accept payments, do you think your customers will react negatively to a “Not secure” message?

As always, the choice is up to you, but I would advise that anyone with a website makes this change as soon as possible.

The avenue you choose in order to add a SSL to your site depends on the kind of SSL you want and the kind of protection required. If you take online payments, you’ll need a more expensive SSL than a site that doesn’t, as you would need to be covered by a warranty which protects your customers further.

Note: If you use PayPal as a payment gateway, you do not need a SSL with warranty. PayPal take care of any transaction security when it comes to personal details. If you allow personal information to be typed into your website, a basic SSL is still necessary.

Regardless of the cost of the SSL that you go for, it would incur a charge to the hosting provider to purchase a SSL PLUS a charge to update the website files to make sure that the use of the SSL is enforced. There are free SSL options, meaning that the only charge appropriate would be the site transfer costs (transfer to https), BUT if you want that green padlock in the browser you need to pay for it. We can talk more about that if you wish.

If you would like to discuss this further, please get in touch with us as soon as possible as the first change comes into effect on January 31st 2017. We’d like to apologise for the late notice, but blogs about this only started to leak out in the past week.