The major web browsers Google and FireFox are now marking certain web pages as insecure. If your website has pages that ask users to login or enter credit card information then, without web encryption using SSL, both browsers will alert users with warnings:
FireFox:
Chrome:
This has only started happening recently (January 2017) with the latest release of both browsers and is part of their drive to protect users’ private information.
As with any new innovation, web savvy users will be first to notice if your site is insecure but this will filter through to more and more users. Eventually it could result in users abandoning your website if they see the insecure flag in their browser.
Google is encouraging website owners to make more use of secure pages (let’s call them HTTPS web pages) by making the Google Chrome web browser alert users if the page is insecure (plain old HTTP).
Migrating to HTTPS – why HTTPS?
When you load a website over HTTP, in theory, someone else on the network can look at or modify the site before it gets to you. In practice the risk is low, but Google and FireFox Mozilla are trying to make the web a safer place for all, and more secure web pages running HTTPS is likely to help this aim.
Security is the core purpose of HTTPS. So, while we are excited to tell you about the other benefits (better performance, better SEO) you shoudn’t forget about this one.
If you are handling any personal information at all – passwords, addresses, financial data, etc. – using encryption ensures that the data is securely traveling to your servers without the risk of tampering or theft. You MUST start using encryption if you are collecting this type of data or it’s only a matter of time before your users’ safety will be jeopardized.
Why are the browsers making this change
Google wrote on its Google + page: “Enabling HTTPS on your whole site is important, but if your site collects passwords, payment info, or any other personal information, it’s critical to use HTTPS. Without HTTPS, bad actors can steal this confidential data. #NoHacked.”
These warnings could get more severe in future.
A Google engineer recently wrote “eventually, Chrome will show a Not Secure warning for all pages served over HTTP, regardless of whether or not the page contains sensitive input fields. Even if you adopt one of the more targeted resolutions above, you should plan to migrate your site to use HTTPS for all pages.”
In a recent blog article from Mozilla (the developers of FireFox) they said:
“To keep users safe online, we would like to see all developers use HTTPS for their websites. Using HTTPS is now easier than ever. Amazing progress in HTTPS adoption has been made, with a substantial portion of web traffic now secured by HTTPS.”
You can avoid these warnings by migrating your website to use https SSL (secure socket layers) by buying and installing a secure server certificate for your web hosting.
We can supply and install an SSL certificate for our web hosting clients with prices starting at £60 per annum. Get in touch on our Contact page for more information.
We will cover how to do this for WordPress websites in a future blog post.
Further reading
Google’s best practice guidelines for migration
Communicating the dangers of non-secure http
Firefox and Chrome warning about insecure login pages
Moving towards more secure web pages plus information for developers here – Avoiding the not-secure warning
