Google Chrome Is Marking HTTP Sites “Not secure”: Are you ready?

Is your website still on HTTP?

Day by day, we are moving toward a more secure web as website owners are now adopting HTTPS encryption for their websites. Previously, the HTTPS was used for several purposes like payment transactions, emails, account login etc. But over the last year, HTTPS has been used more often by websites to keep communications and personal information transmission secure. Google is encouraging the use of HTTPS and releasing new updates frequently on their Google Chrome web browser.

Let’s analyze the recent Google reports to know the usage of HTTPS on Google Chrome.

Google Chrome’s recent reports on HTTPS usageHTTPS_usage_statistics

As per Google’s recent progress reports, following growth has been identified in the HTTPS usage.

  • Over 68% of Chrome traffic on both Android and Windows is now protected
  • Over 78% of Chrome traffic on both Chrome OS and Mac is now protected
  • 81 of the top 100 sites on the web use HTTPS by default.

HTTPS is now becoming a normal than an exception. In Google’s opinion, the users should expect that the web is safe by default and they should be warned if there is an issue.

What Changes has Google Chrome introduced?

Google is planning to remove Chrome’s positive security indicators so that the default unmarked state is secure. In order to encourage the site owners to switch toward the HTTPS, Google starts marking all HTTP pages as “Not Secure” from July 2018 (Chrome 68).

Google will roll this out over time, starting by removing the “Secure” wording and HTTPS scheme in September 2018 (Chrome 69). Eventually, in October 2018 (Chrome 70).

(Chrome 68)

Secure padlock https

 

 

(Chrome 69)

With Secure Pad lock

 

 

(Eventually, in Chrome 70)

Default Secure

 

 

Google will start showing the red “not secure” warning when users enter data on HTTP pages.

Not secure for http

 

 

What should you do to switch your website to HTTPS?

To switch your website to HTTPS to avoid “Not Secure” Red padlock in Chrome, you should install SSL certificate for your website. You can purchase an SSL certificate from here

Actions after the installation of an SSL Certificate:

After installation of the SSL certificate, you should make some changes to avoid a bad impact on the website traffic or Google ranking.

Use Redirect Rules:

Redirect all HTTP requests to the HTTPS permanently (301 redirects) for your website by the redirect rules in web server. Please refer to this article.

Set HTTPS as a default protocol for your website:

In CMS and eCommerce based websites like WordPress, Joomla, Magento, Drupal, you need to set the default website URL with HTTPS. All content must be referenced via the HTTPS.

To add images, CSS stylesheet, etc. on your website, use Relative URLs for the internal data references in your code. But if you are using Absolute URLs, make sure that all of them are referenced by the HTTPS URLs only.

For example:

<img title=”Example Image” src=”web-images/ram_flat.png” alt=”Example Image” />

<img title=”Example Image” src=”https://www.example.com/web-images/ram_flat.png” alt=”Example Image” />

Update meta tags and all the links:

Ensure that all the canonical tags and hreflang tags are pointing to the correct HTTPS URLs

Update all the Internal links and other links you can control such as Social media profiles, to point directly to the HTTPS website.

Conclusion

Google is aiming to provide a safe browsing to the users and HTTPS is a secure way to avoid data manipulation or theft over the internet. Google’s remark is highly considered by most of the Internet users. So, you should update the website with SSL certificate and be ready when Google Chrome 70 rolls out.

Get SSL Certificate on your website before it is too late.

Jason-Pat
Follow Me

Jason-Pat

Jason is CTO at AccuWebHosting.com. He shares his web hosting insights at AccuWebHosting blog. He mostly writes on the latest web hosting trends, WordPress, storage technologies, Windows and Linux hosting platforms.
Jason-Pat
Follow Me
(Visited 329 times, 1 visits today)

Leave a Reply

AlphaOmega Captcha Classica  –  Enter Security Code
captcha      
 

This site uses Akismet to reduce spam. Learn how your comment data is processed.

Sign up for a News Letter Click here to sign up