Starting October 2017, Google Chrome (version 62) will show a “NOT SECURE” warning when users enter text in a form on an HTTP page, and for all HTTP pages in Incognito mode. If your website is not HTTPs, and you have not moved your website to HTTPs from HTTP, then your website’s visitors will start to see this warning.
Google has just stared sending out warning letters to website owners that have not moved their website to HTTPs yet. Such a letter, sent via email to website owners who have verified their websites in Google Search Console (formerly called Google Webmaster Tools), appears below:
In this case, one of my websites, coeh dot org, has not been moved to HTTPs yet. I have already moved this website to Cloudflare, and should be taking advantage of their free SSL services. You don’t have to pay for an SSL certificate if you use Cloudflare on your website. This site is still http because it’s not using WordPress, and it’s mostly a static HTML website. I’d have to take the time to update all of the internal links on the website so they point to HTTPs and not HTTP, and I haven’t done that yet.
Here’s the text of the letter that Google has sent out:
Starting October 2017, Chrome (version 62) will show a “NOT SECURE” warning when users enter text in a form on an HTTP page, and for all HTTP pages in Incognito mode.
The following URLs on your site include text input fields (such as < input type="text" > or < input type="email" >) that will trigger the new Chrome warning. Review these examples to see where these warnings will appear, so that you can take action to help protect users’ data. This list is not exhaustive.
http:// www. coeh .org
The new warning is part of a long term plan to mark all pages served over HTTP as “not secure”.
If you receive one of these letters, your website is not using HTTPs and it’s not a secure website. What I recommend is coming up with a plan, immediately, for how you are going to move your website to HTTPs. Even if you don’t sell directly on your website, any forms that someone fills out on your website still should be secure. Therefore, I do recommend that all websites move to HTTPs.
If you need some help, here is my checklist for moving to HTTPs. I’ve even created a video that explains moving from HTTP to HTTPs:
If that’s not enough, and you just need it moved, then contact your web host and see if they’ll help you move it to HTTPs. They will order an SSL certificate and install it for you. There are some other things that you need to do to make sure you have a smooth transition to HTTPs, like fixing all of your internal links on your website and making sure all of the HTTP references in your website code is updated to reference HTTPs. The proper redirects will need to be in place, as well.
If you have any question or concerns about moving to HTTPs and doing a website migration, feel free to contact me.