2018 SSL Year – Chrome 68, due out in July, will warn users about HTTP sites.
The time has come for all websites to migrate to HTTPS. You have until July when Chrome 68 releases.
Google has also pushed the date back a couple of times to avoid the massive disruption when websites start getting labeled “Not Secure.”
If you haven't been following, here's what you need to know:
Google and the rest of the browsers have been working on this for a long time. Last year Google and Mozilla began the push toward universal encryption by changing the UI on their browsers. In addition to the padlock icon, any website with SSL is marked “Secure.”
The idea was that website owner would gradually adopt SSL as more and more features were being taken away.
The browsers also began marking HTTP sites “Not Secure.” This was done more gradually. The warnings started just warning users when they were about to enter a password in an unencrypted field. Then in the Fall, they turned up the volume even more and started marking any HTTP page with the text fields “Not Secure.” Now, with Chrome 68 in July, Google is cranking it up to 11. Any website served via HTTP will get the “Not Secure” indicator.
What's the Big Deal with HTTPS?
HTTP is ancient by computer standards. It's a protocol for communication, and it worked fine for a while. Unfortunately, HTTP is not secure. When you make an HTTP connection with a website, that connection is not secure. That means anyone can eavesdrop on the connection and steal or manipulate any data passed back and forth.
HTTPS is secure. When you connect with a website, the data being sent is encrypted. That essentially makes it worthless to anyone without the corresponding key. Beyond security, HTTPS also blocks ISPs from injecting ads on your website; it is faster and performs better than HTTP. Finally, you have to have encryption to use HTTP/2, which is becoming more widely adopted.
What do I need to do?
You need to install an SSL certificate and migrate your website to HTTPS; for our shared hosting client, cPanel & Plesk, we offer a free SSL from Let's Encrypt; also, you can check our commercial SSL list.
Next, you'll need to migrate to HTTPS; you can change the protocol in your URLs to HTTPS, then use 301 redirects. You may also want to take the time to add your website to the HSTS preload list.
The key takeaway is that you have until July to get an SSL certificate, lest you anger Google.
And trust me, no one wants to cross Google.
More Useful Links