Google is waging war on security – is your website ready?

Later this month, October 2017, Google are making big changes to how their Chrome browser works when they release version 62. The biggest change relates to website security and it will affect every website that does not conform to their new security standards.

So, what are they doing and what can you do?

Firstly, I need to define what HTTP and HTTPS website connections are. A standard connection to a website is over HTTP, and most websites use this connection. But, it’s not a secure connection. A secure connection to a website is over HTTPS. It means all communications between your browser and the website are encrypted. You usually see this on eCommerce/shopping websites and you can verify if this is the case by seeing the padlock icon in your address bar.

Chrome currently only marks standard HTTP pages as “Not secure” if they have password or credit card fields on them. Therefore, a page requiring payment information or login information will currently have this message shown if a website uses a standard HTTP connection. If a SSL certificate is installed on the server, then this allows a HTTPS (secure) connection to your website. This has been a luxury for most website owners, until now.

What are they doing?

Beginning in October 2017, Chrome will show the “Not secure” warning in two additional situations: when users enter ANY data on an HTTP page, and on all HTTP pages visited in Incognito mode. The first part of this change means that any pages with a contact form, newsletter signup etc will have the “Not secure” message shown if the website is using HTTP.

Eventually, they plan to show the “Not secure” warning for all HTTP pages, regardless of whether there is a form on there or not, even outside Incognito mode.

This spells big trouble, or lots of confusion, for your website visitors as they will get lots of these messages popping up on their screens as they try to browse your website.

What can you do?

You can do nothing and take a chance that nobody will be bothered by all the pop up messages. Or, you can get a SSL certificate installed on your website and have all your content fixed so it points to your new secure HTTPS website.

For eCommerce websites, a secure connection is essential as it gives visitors peace of mind that their personal information is being treated with the utmost security.

We are seeing lots of our clients asking for this upgrade before even knowing about the Google Chrome update. Don’t waste any time, get your site secured before Google starts flagging it.

Contact us today for a quote to convert your standard website to a secure website.

Mark Gorey: Senior Web Developer