Website Security Alert: Your Site Might Display A Scary Looking Warning Starting July 2018
According to Google, starting sometime in July 2018, they will unleash Chrome 68 – their pending web browser update. Updating Chrome is not that newsworthy, except this update ups the ante for websites that have not yet added an SSL certificate to all their web pages. As you may know, Google has been pushing strong (and others) to have SSL on all websites. At first, they only wanted SSL on pages that shared information that was sensitive. Then they wanted all info shared on SSL pages, and now, they are upping the ante.
In everyday terms, if you see https://yoursite.com then you are fine. If you do not see the ‘s’ in instead see http://yoursite.com, then starting in July Google will show a very in your face warning to users that this site may not be secure and your personal data may be at risk. Any page that is not SSL compliant, will now show a scary warning like the one below.
Image Source: Google Security Blog
In everyday terms, if you see https://yoursite.com then you are fine…
I am sure you can guess that this is not ideal for websites that are not secure, and even though the site pages will load, many users will most likely be scared off. Some longtime users or customers may even be worried that such a site was hacked.
Compared to past release updates to Chrome, this version will shout out “Danger Will Robinson, Danger… Do Not Proceed To This Website…” It does not take a space-traveling robot to recognize that this will most likely result in users leaving your site, and will put your company’s reputation into question.
“Danger Will Robinson, Danger… Do Not Proceed To This Website…”
Chrome 68 includes a more detailed security check to detect whether your entire website is encrypted. If it is not, Chrome will immediately display a security warning indicating that your site is not secure.
As an example, imagine after this update, a customer goes to your website to look up your phone number, and instead, the first thing they see if a rather obnoxious security alert. They may think that your company was compromised by a hacker, and worry that their private client information was stolen as part of a security breach.
Similarly, if you sell products or are driving marketing efforts to landing pages and contact forms, visitors who are looking to fill out your contact form, or buy something online could very well be inclined to leave your site.
How Do I Test a Site for SSL Encryption?
You can tell whether your site (or any site) is encrypted quite easily. As mentioned prior, your web browser will either display http: or https: in front of a sites url (web address) to indicate a secured or unsecured website.
Chrome also provides a visual indicator: if there is a green lock next to a website address, the site is encrypted.
ALternately, a visitor can click the information button next to a websites address. This displays a message stating that a site is or is not secure. Currently, Chrome’s security warning is somewhat hidden (unless the page collects passwords or credit card information).
Starting in July, if any page on your site is not encrypted, your visitors will see a red triangle with the words “not secure” warning visitors about your site. As mentioned earlier, this warning can cause your website traffic to decrease and cause customers and clients some concern.
How Do You Encrypt Your Website?
In everyday terms, you need to apply an SSL Security Certificate on your web server. This is not as hard as it may seem but does need to be done correctly, and there are important SEO considerations such as mixed content and website versioning to be considered . It will not affect your SEO if done correctly, and in fact, it may help.
If you have not already secured your website, the good news is that it is normally under 20 minutes of work for a web developer to do, sometimes much less. Even better, for those with basic web hosting knowledge and are on a host that uses cPanel, you can probably do the basics on your own in under 30 minutes for free (depending on your host it may be as little as 5 to 10 minutes). Just remember to fix mixed media errors as well as set your version to load only the https:// version if the site. I did a quick study the other week and some surprisingly big companies got this wrong.
Click the link to the right to learn –> how to set up auto SSL in cPanel
Do not ignore this, you still have plenty of time to avoid a bad situation. If you are not comfortable doing this internally, contact your current web host or webmaster and ask them to do it for you. If you prefer, you can also contact us and we can help as well.
Keeping All Your Company Data Safe
If a hacker discovers that your website is not secured, they may use that as an indication that your company has other vulnerabilities that they can exploit. Computers and servers that do not have the latest security patches or modern software can be penetrated using malicious code that can cripple your business.