It’s not a great feeling, seeing the website you invested your hard-earned resources into labeled as ‘not secure’, but that’s what a lot of businesses woke up to in February when Google rolled out its new website labeling system for the Chrome browser.
If you haven’t noticed it already, you will soon. And there are more small but significant changes coming to that little space at the front of the address bar.
“Beginning in January 2017 (Chrome 56), we’ll mark HTTP pages that collect passwords or credit cards as non-secure, as part of a long-term plan to mark all HTTP sites as non-secure.”
– Emily Schechter, Chrome Security Team
Courtesy: Google’s Blog
Google’s goal is to make the web more secure and it’s using its size and the popularity of Chrome to encourage website owners to secure their traffic by telling customers if their connection to the website is secure (https) or not (http). And they are not alone. Firefox has begun showing this warning too. Ultimately this will make the internet a safer place for your customers and your website.
When visiting a typical web page without https, the communication between your website and your browser is “in the clear” (web speak for unencrypted, out in the open, visible, easy to steal. You get the picture.)
At every hand-off point along the chain between your website and your customers, the transmitted data can be viewed or tampered with.
Encryption from your customer’s browser, to your website, and then back would keep your customer’s data more secure. HTTPs provides this end-to-end encryption and an SSL certificate tells your customers (and their browsers) that you are who you say you are.
In this test, our connection to the Paragon website changed hands 17 times before reaching the server.
Right now they are going to see the “Not Secure” warning around password fields when using Chrome (58.4% Market Share) and Firefox (9.5% Market Share). However, Google’s goal is to work towards labeling all http pages as “Not Secure”.
“We will continue to extend HTTP warnings, for example, by labelling HTTP pages as “not secure” in Incognito mode, where users may have higher expectations of privacy. Eventually, we plan to label all HTTP pages as non-secure, and change the HTTP security indicator to the red triangle that we use for broken HTTPS.”
– Emily Schechter, Chrome Security Team
To secure your website traffic you have 3 options.
If your website and domain name are with the same provider then there’s a good chance they can do it for you. Talk to them and find out what it costs.
Contact your go-to “web guy/gal” and ask them to do it for you. If you don’t have a certified web-geek on speed dial then give us a ring and see if we’re a good fit. We’re always looking to add to our growing family of satisfied clients.
Get in Touch
If you know your way around a server you could try to do it yourself. You’ll need to understand your server setup, possibly domain configuration (DNS), CSR, Private Key, and database updates.
Want more satisfied website visitors? Get tips on engaging customers while keeping your WordPress website safe, all delivered straight to your inbox, by joining the WP Managers Consortium!
As a welcome gift we created a handy guide revealing 6 Simple Ways you can Secure your WordPress Site from Hackers. Just enter and confirm your email address to join the WP Managers Consortium and we'll have our drones deliver the guide to your inbox pronto.