Google is about to introduce changes to its Chrome browser that will affect every website. Since Chrome is the most widely used web browser, every website owner needs to be aware of the changes that Google has started to make.
Starting with the latest version of Chrome (version 56) Google will mark any website that doesn’t have a security certificate, as non-secure. Google’s move is part of an increasing drive to improve the security of the internet and Google is not alone in pushing this. For example the White House decreed, in 2015, that all US federal website would be secure
What do we mean by secure websites?
Secure websites have addresses (URLs) that start with HTTPS rather than HTTP. This means that they have been set up with a secure connection that adds an extra level of security to the sites compared to non-secure sites which have URLs starting with HTTP. HTTPS guarantees that users are reaching the website they intend to visit, and the extra security protects them against hackers.
To make a site secure, it is necessary to purchase a security certificate from an authorized provider and apply it to the web server. This is something that a web developer or server administrator would normally do. To date, it has been mainly shopping sites or sites taking online payments that have gone the HTTPS route.
What is Google doing?
But Google, and others, want every website to be secure. To this end, starting with the latest version of Chrome (version 56), Google will start to mark as non-secure any website that doesn’t have a security certificate. Previously, only secure sites, sporting the HTTPS prefix, have been marked as non-secure if there was a problem with the site’s security certificate – it had expired, for example.
Initially a non-secure website will be marked as follows in Chrome’s address bar. This is fairly unobtrusive and many people may not spot it.
In an unspecified future release of Chrome Google will start to flag non-secure sites with a red triangle. This is likely to cause significant concern amongst web users if they see it.
The other thing that Google is doing now is to give a search position boost to secure sites. Non-secure sites won’t lose any ranking that the currently have but secure pages will receive slightly higher rankings.
So what should you do now?
If you have a website you certainly need to have it changed to a secure (HTTPS) site in the near future. This will mean buying a security certificate and having your web developer, or server manager, apply it. Changes may also be required to the website itself.
At the moment though there is no need for website owners to panic and rush into anything. Google is introducing these changes gradually. Initially there will be many sites flagged with the relatively unobtrusive “Not secure” flag. Whilst you may get comments from some of your more eagle-eyed users if this flag appears, I don’t believe that this will deter people from browsing your site.
However, this will be different story when Google starts using the red triangle flag and more sites are converted to secure sites. So what you need to do now is to start talking to your web developer about making the changes.
In the meantime, you are likely to get emails from companies trying to scare you into buying a security certificate. I repeat again, don’t rush into anything. There are various levels of certificate that you can buy and you don’t want to get panicked into getting the wrong one and spending too much money.
The first thing to do is to talk to your web developer and start making plans.