To help users browse the web safely, Chrome indicates connection security with an icon in the address bar. Historically, Chrome has not explicitly labeled HTTP connections as non-secure.
But starting January 2017 …
Chrome 56 will label HTTP pages with password or credit card form fields as “not secure,” given their particularly sensitive nature. The browser currently indicates HTTP connections with a neutral indicator. This doesn’t reflect the true lack of security for HTTP connections. When you load a website over HTTP, someone else on the network can look at or modify the site before it gets to you.
[x_alert type=”danger”]Eventually, Chrome will show a Not Secure warning for all pages served over HTTP, regardless of whether or not the page contains sensitive input fields. So, you should plan to migrate your site to use HTTPS for all pages.[/x_alert]
What is HTTPS?
HTTPS (Hypertext Transfer Protocol Secure) is an internet communication protocol that protects the integrity and confidentiality of data between the user’s computer and the site. Users expect a secure and private online experience when using a website.
Data sent using HTTPS is secured via Transport Layer Security protocol (TLS), which provides three key layers of protection:
- Encryption—encrypting the exchanged data to keep it secure from eavesdroppers. That means that while the user is browsing a website, nobody can “listen” to their conversations, track their activities across multiple pages, or steal their information.
- Data integrity—data cannot be modified or corrupted during transfer, intentionally or otherwise, without being detected.
- Authentication—proves that your users communicate with the intended website. It protects against man-in-the-middle attacks and builds user trust, which translates into other business benefits.
HTTPS doesn’t just protect user data, it also ensures that the user is really connecting to the right site and not an imposter site. HTTPS also ensures that a malicious third party can’t hijack the connection and insert malware or censor information.
Google is not the only big player on the web pushing for more HTTPS. Mozilla and Apple have both indicated that they want more web encryption. And even the US government has taken important steps in that direction, requiring all .gov websites to be HTTPS by default before the end of this year.
What can you do?
Read best practices for securing your site with HTTPS then setup and install a secure certificate.
Migrating to HTTPS can help your SEO!
Google has also started to prioritize secure HTTPS URLs over regular HTTP pages, which can help your website rank better in the search engine results. Once you’ve made the switch to HTTPS make sure Google can index your content under your new URLs.
Video: Mythbusting HTTPS
Moving to HTTPS is something every WordPress user should implement if they want to maximize their search rankings and serve a secure website to clients and visitors. So, I encourage you to adopt HTTPS in order to protect your users’ connection to your website, regardless of the content on the site.
If you need technical assistance in migrating your website to HTTPS, please contact me via email.