Late last year, Google announced their mission to make the web more secure in their Security Blog post Moving towards a more secure web. Google has been promoting the security, speed, and SEO value of Secure Socket Layer (SSL) for over a year and are now using the Google Chrome browser to further awareness.
In a post on the Chromium Blog titled Next steps toward more connection security, they stated:
"Beginning in October 2017, Chrome will show the “Not secure” warning in two additional situations: when users enter data on an HTTP page, and on all HTTP pages visited in Incognito mode."
If your site has any sort of form, even a simple contact form, or if users are logging into your site using the Chrome browser, this affects you. They continue:
"Eventually, we plan to show the “Not secure” warning for all HTTP pages, even outside Incognito mode. We will publish updates as we approach future releases, but don’t wait to get started moving to HTTPS!"
We have moved a majority of our clients to HTTPS. We'd love to help you get moved over too!
Recommend Options for an SSL Switchover
Switching over to HTTPS from HTTP is relatively easy:
- Acquire an SSL certificate from an established authority.
- Configure the SSL certificate
- Add a global redirect from HTTP to HTTPS and make necessary adjustments to your CMS.
- Crawl looking for HTTP hard coded links and images and correct.
- Update external links that you have control over to HTTPS to maximize SEO.
Options for getting an SSL Certificate
- Get an SSL Certificate and install on the server
Costs will include the certificate, installation of the certificate, testing, and reporting.
- Free Shared Certificate from CloudFlare
By adding any level of CloudFlare to your site and moving the DNS server to CloudFlare you gain a shared SSL certificate for your sites. This has no certificate cost and a monthly charge only if your needs require a paid CloudFlare plan for particular features. There is some testing and reporting required for this transition.
- Free Shared Certificate from Let’s Encrypt
Let’s Encrypt is a free, automated, and open certificate authority brought to you by the non-profit Internet Security Research Group (ISRG). This requires root access to the server or a host that provides support for Let's Encrypt and involves installing the certificate on the server and updating that certificate every 90 days.