In less than one month from today, on July 23, Google will start prominently labeling any website loaded in Chrome without HTTPS as "Not Secure".
The various browsers, such as Firefox, Chrome and Safari, already flag HTTP connections as "Not Secure" if forms or login pages are used on the current page of a website. This feature should inform the user that any data entered will not be encrypted and securely transmitted to the server of the website.
Google is slowly starting to shame all unencrypted websites by giving a ranking boost to SSL-encrypted websites in their search engine, and labeling unencrypted websites as "Not Secure". Although the ranking boost is already "old news", the label for HTTP-only websites will be added to their browser on July 23.
Still not using HTTPS/SSL?
When asked "Why aren't you offering an SSL encryption on your website?" serveral reasons are mentioned. The main reasons are that implementing an SSL connection is difficult, not needed or slow.
But, are these answers still valid?
In short: No, they are not.
Although it was not that easy to implement HTTPS connections on individual pages, it is now. With the help of Let's Encrypt (a free certificate authority), HTTPS connections became even easier to implement and use.
Of course, your hosting provider needs to provide the option to add SSL certificates or even provide an automated renewal, as these certificates do have an expiration date.
The answer "I do not need HTTPS" is probably the most confusing answer, as every website owner should take care of the security and privacy of visitors to his website. Once the connection between the visitor's browser and the website is not secure and encrypted, anyone can gain access to the data exchanged between the visitor's website and the visitor's browser. In addition, as described above, it offers other benefits such as search engine optimization (SEO) and new web features that only work on HTTPS sites.
Slow HTTPS connections are no longer a thing, although that was the case at some point - but at that time the performance degradation was low. HTTPS is even required to enable and enjoy the performance benefits of HTTP/2.
Will my site show "Not Secure" on July 23?
If your website doesn't automatically redirect from your http:// URL to the secure https:// URL, your website might be affected.
How can I prevent my site being labeled as "Not Secure"?
To get a secure HTTPS website, you need an SSL certificate and configure your website to automatically redirect all traffic to the HTTPS site.
It is also recommended to use HSTS to instruct the browser to always load the content over HTTPS, saving a redirect on all subsquent requests to the website.
Need support in securing your website with HTTPS?Contact us and we will assist you in implementing an SSL certificate for your website.
Check out the blog post on the Google Security blog to get more information about their Chrome update: https://security.googleblog.com/2018/02/a-secure-web-is-here-to-stay.html