Is your website secured with a valid SSL certificate and HTTPS? If not, beginning in July, visitors using Chrome version 68 (the latest version of the Chrome browser) will see a worrisome “Not secure” message in the address bar. To avoid this, you’ll need to ensure that you have an SSL certificate properly installed and that all your site’s content (pages, images, media, etc.) is serving over HTTPS.
Why is Google making this change? It’s in response to concerns over user privacy and identity theft. The use of HTTPS helps keep the user’s data safe from anyone who could be spying on web traffic while it’s in transit between the user’s browser and the server.
Google started moving in this direction with Chrome version 62 (back in 2016), which flagged all non-HTTPS sites that had data fields. With the newest version of Chrome, every non-HTTPS site will be flagged as ‘not secure,’ whether it includes input fields or not.
Here are answers to some Frequently Asked Questions that might be helpful:
Q: Why is regular HTTP not secure?
A: HTTP is susceptible to sniffing and spoofing (yep, that’s what they call it). HTTPS encrypts all the data packets that are sent between your site and the visitor’s browser (and vice versa). If HTTPS packets are intercepted, they can’t be decoded and they can’t be spoofed.
Q: What if I’m not sure if my site is secure? How do I check?
A: One of the best ways is to simply visit your website via a browser and take a look at the address bar. The graphic below shows the padlock symbol that accompanies the URL of an HTTPS-secured site when displayed in a browser.
You should click through and view all of your site’s pages to ensure that none of your pages show the yellow warning symbol over the padlock.
Q: Where did I get an SSL certificate for my site?
A: If you have shared hosting or managed WordPress hosting, your hosting company can help you procure and install an SSL certificate. You may need your developer or webmaster to ensure that all content is forced over HTTPS. If you have dedicated hosting or a virtual private server (VPS) you’ll need your developer or webmaster to install the SSL certificate for you.
Q: If I already have an SSL certificate for my e-commerce site, is my site secure?
A: If you have an e-commerce site, we recommend a full security audit to ensure that your site and your server are both PCI-DSS compliant. Depending on the data you collect, you may also need to be compliant with other standards (such as HIPAA or FERPA).