Chrome to warn users of insecure websites
INSECURE WEBSITE WARNING
Chrome is Google’s own web browser and they have just announced a major change with regard to website security that will impact on almost every website and potentially cause confusion and concern to visitors.
SECURE WEBSITES EXPLAINED
Most websites use the insecure HTTP connection. This means that the communication between your device and the website is sent in clear text and can be intercepted and read by others.
To make a website secure the owner needs to purchase and install a security certificate called SSL (Secure Sockets Layer). This will encrypt the communication between a device and a website so that it cannot be read.
This encryption all goes on behind the scenes and is indicated to the user in the address by either the URL (website address) being preceded by HTTP: // (insecure connection) or HTTPS:// (secure connection)
In September Chrome announced that beginning in January 2017, they would start flagging websites that use the insecure HTTP connection to transmit passwords and credit card data as insecure.
A warning will appear in the address bar of the browser and will call users’ attention to the fact that their personal information could be snooped or stolen.
This is a good thing and anybody aware of security should welcome this change.
The concern is that they plan to eventually roll this out to all websites.
They have indicated that this warning will next be rolled out to HTTP pages when a user visits them in the browser’s “Incognito” mode, and finally the warning will roll out to all HTTP pages.
IMPACT ON WEBSITE VISITORS
This means that if a website does not have an SSL certificate installed providing secure encrypted connections (HTTPS://), then the browser will issue a warning that the site is unsafe.
This can potentially cause confusion and concern with visitors that the website they are visiting is insecure and even dangerous.
Secure websites using SSL have been around for a long time and while many people are already aware of it, there
In general I welcome this change as it will make the internet that much safer for everybody and increase awareness of security.
FORCE ALL WEBSITES TO USE HTTPS
Apple also announced earlier this year that it would require app developers to force HTTPS connections for iOS apps by the end of 2016.
So there are already two major players pushing for secure website connections making this change is something that any website owner can’t afford to ignore.
The change will effectively force website owners to move to using a secure connection.
If you are a website owner then its time to start thinking about implementing SSL for all your sites. SSL certificates have become more affordable in recent years.
GOOGLE RANKING CONSIDERATION
There is another reason for website owners to move to secure connections.
Back in August 2014 Google announced the SSL/HTTPS would be a ranking factor for their search results.
In 2015 I made a video about this and at the time the SEO benefit seemed negligible. As is often the case with Google they announce things in advance of implementation and I suspect this is the case with SSL certificates.
Check out what I had to say back in 2015:
I expect to see the Google search results reflect this move to secure website connections.
HOW TO MOVE TO SECURE HOSTING WITH SSL
The first thing you need to do is check your current hosting to determine if you can install an SSL certificate.
The majority of websites, especially on cheaper hosting, use a shared IP address. To use HTTPS you actually need a dedicated IP address.
You should be able add a dedicated IP to your hosting for a few dollars a months. Depending on your host and the support they provide some will also help you install the certificate.
You may also need to edit all the pages on your website to ensure every object (such as an image) is referenced using HTTPS otherwise a warning will appear in the browser which is exactly what you are trying to avoid in the first place.
You can buy an SSL Certificate from as little as $10.99 per year from the SSL Store. They have all the most trusted SSL Security Certificate providers and a price guarantee not just to match any other advertised price – but beat it!
VIRTUAL WEBMASTER SERVICES
Virtual Webmaster Services can provide and install a Secure Sockets Layer certificates providing encrypted communication between the web server and visitors.
Virtual Webmaster Services also provide secure hosting which includes SSL:
About the Author
Christopher is an IT specialist with 30 years of experience in developing technology working with corporates and SME’s. Chris is a Microsoft Certified System Engineer and holds a Bachelor of Science in Information Technology, as well as numerous certificate based qualifications in technology and application development.