Chrome to Issue Security Warnings for Sites Using HTTP
Chrome 56 will be hitting the web in January 2017 and is set to bring in huge changes when it comes to website security and the use of encryption. Websites that use HTTP will be marked as insecure, warning potential visitors that their data may be at risk if they use sensitive information to log in or sign up to forms on these sites.
The change is set to boost security on the web and forms part of Google’s plan to make the web a safer, more secure place, so today we’re going to delve into the story and also give you an exclusive peek into an upcoming service that will make it easier than ever to secure your website.
So why is Chrome making this change? It’s simple: to make the web a more secure place for everybody. This latest move is part of a series of changes Google has been making over the last few years and is part of their continuing effort to convert website owners to HTTPS over the less secure HTTP. A large portion of website owners have already made this change but it’s easy to get complacent and put off making changes, which is why Chrome are bringing in public warnings to urge site owners to make the switch to HTTPS.
In the past, Chrome has marked secure sites with a padlock icon in the address bar but up until now they’ve left HTTP connections unmarked. From January 2017 onwards, however, any pages that use HTTP and collect sensitive information will be marked with a ‘not secure’ tag embedded in the address bar, making it easy for visitors to determine sites that may compromise their security.
Chrome confirmed a long term plan is in place to target non-secure websites and the January 2017 update is just the first phase. In this initial update we’ll only see sites that contain password or credit card form fields targeted but further changes will be made to eventually mark all sites using HTTP as non-secure. Bearing this in mind, it’s well worth all website owners switching to HTTPS before January 2017, whether or not their site currently transmits sensitive data.
What’s the difference between HTTP and HTTPS? HTTP (which stands for HyperText Transfer Protocol) was created as the standard procedure for exchanging information online but it wasn’t fully secured, which led to the introduction of HTTPS (HyperText Transfer Protocol Secure). HTTPS ensures the information being exchanged is encrypted, so even if somebody between the sender and the recipient could access the information, they wouldn’t be able to understand the data.
So how do you go about making the change from HTTP to HTTPS before the January deadline? It can be a complicated process if you’re not sure what you’re doing but, luckily, we’re about to share the details of an exciting new service that will make moving to HTTPS a doddle.
WP Engine just started offering free Let’s Encrypt certificates to all of their users, so you’re in luck! This service will issue you with free SSL certificates so you can get your site using HTTPS in no time. Sites with HTTPS will also get HTTP/2, which results in even better site performance and can even boost your search engine ranking. To get started all you need to do is visit WP Engine.
With a short amount of time standing between you and the January deadline, now’s the time to up your website’s security and ensure you make the change to HTTPS if you’re still using HTTP. For advice on how to set up SSL to ensure you don’t get stung by the new warnings, get in touch with our experienced, friendly team by visiting our Contact page or emailing us at [email protected]