Google has been touting the benefits of the HTTPS protocol for years, elevating sites using HTTPS in Google’s search results since 2015.
With the release of Chrome 68 in July, 2018 Google is going one step further, actively marking any website that use the older (and inherently less secure HTTP) as ‘Not Secure’ right in the address bar.
The idea is not to punish websites still not using HTTPS, but to let users know whether it’s safe to submit sensitive information. “For the past several years, we’ve moved toward a more secure web by strongly advocating for HTTPS encryption, and helped users to understand that HTTP sites are not secure,” Google said in a blog post. “Developers transitioning their sites to HTTPS have made the web safer for everyone.”
This should stand as a wake-up call for all website owners to transition their websites over to the more secure HTTPS protocol as quickly as possible. HTTPS is no longer reserved for websites that accept credit cards or sensitive information, it’s pretty much a necessity in today’s modern world.
According to Google, 68% of Chrome web traffic on Android and Windows devices uses HTTPS, rising to 78% of Chrome web traffic on Chrome OS and macOS. In fact, 81 of the top 100 sites on the internet now use the HTTPS protocol by default. However, there are still some rather shocking stragglers, like IMDB, Fox News, The BBC and Alibaba.
The biggest issue when switching a website from HTTP to HTTPS is tracking down all the resource calls that don’t use HTTPS – if there is even a single resource that loads over HTTP a website will not be able to use HTTPS. With an HTML website this takes a lot of testing and rewriting HTML code and testing again – it can be a time consuming process.
Fortunately transitioning to HTTPS is usually a lot simpler if you have a WordPress website. All it takes is the installation of a WordPress plugin like Force HTTPS or Easy HTTPS Redirection and the hard work is done for you. Either plugin forces a page to load all resources using the HTTPS protocol. It also forces the page itself to load using HTTPS, even if a user only types in HTTP.
You will also need a SSL certificate to install on your web server which can be purchased for under $15 from numerous suppliers. Don’t pay more than this unless you have a specific security need that isn’t met by the discount SSL certificates – GoDaddy currently charges $74.99 per year for a SSL certificate which is absolutely outrageous (and that’s their sale price!).
If you web server supports Let’s Encrypt (https://letsencrypt.org) the process of installing a SSL certificate is even easier. The installation of a Let’s Encrypt SSL certificate is a two-click process and is absolutely free.
For those who need help in their transition to HTTPS Google has help documents for site owners.
Astute readers will notice that this website does not use HTTPS but this will be rectified shortly!