Google is on a mission to make the internet more secure for us all and the latest update to Chrome is a small but important step towards that goal.
With Chrome version, 62 visitors of web pages featuring an input field – a login or contact form, for example, will see a ‘Not Secure’ warning in the address bar if no SSL certificate has been installed.
This will not stop the page from loading or the form from working, but the impact may be worse than that: prospective customers being scared off the competition.
Given Chrome’s share of the browser usage pie is close to 60% you risk alienating a significant number of users.
Consider this too: you don’t want folk to share their negative experience on social media with some added details: “Website XYZ looks good but your credit card details will get hacked if you buy from them”.
The moral of the story is that if you don’t have an SSL Certificate installed on your web site get one now.
Wait, what is an SSL certificate and how does it work?
For those of you who don’t know, Secure Sockets Layer (SSL) is a protocol that encrypts data as it’s transferred across the internet so that it cannot be intercepted and leveraged by a third party.
It also helps confirm the legitimacy and ownership of a web site.
When a web page is secure you will be able to access using a URL that starts with https://, as opposed to http://, so with the additional ‘s’ in there. And not get any warning message.
Please note: SSL covers the transfer of data and is only one step of a broader strategy to keep your WordPress instance safe, including securing your hosting platform (and we have your back covered there).
An action plan (whether you have SSL or not)
1. Already have SSL installed?
Good, but check the expiry date and set yourself a reminder to renew it. If you purchased it with us we’ll email you a reminder before it expires.
2. Don’t have an SSL certificate?
Head over to our website and order one now. DV (Domain Validated) SSL certificates are activated instantly.
3. Install the Site Seal
Good to let your visitors know that your site is secured with an enterprise-grade SSL certificate.
4. Get a WP plugin for SSL
Once your SSL certificate is installed we recommend using Really Simple SSL to automatically detect your settings and configure your website to run over https.
5. Keep an eye out for SSL warnings
Tools such as this one can help with this. One thing to look out for are hardcoded insecure links when your page is secure – you should use relative paths to your own content to avoid these. If you are a customer and require assistance with configuration or mixed content warnings, get in touch and we will gladly help.
WP Hosting certificates are issued by Comodo™
We offer four types of SSL Certificates, in fact: Standard, Wildcard, Organisation and Extended SSL certificates.
We chose Comodo because they are a leading provider with over 700,000 business customers worldwide. They offer a solid product that is compatible with most browsers, applications and devices. We like reputable, tried-and-tested products as they tend to be more trouble-free than the less established ones.
You can also purchase a certificate from another vendor and install it yourself.
More information about this update to Chrome
This Chromium Projects article explains the original proposal for the change as well as the timings, with updates published over the last year:
- Moving towards a more secure web – September 2016
- Avoiding the Not Secure Warning in Chrome – October 2016
- Next Steps Toward More Connection Security – April 2017
- New in Chrome 62 – October 2017