Page 1 of 2 12 LastLast
Results 1 to 10 of 12

Thread: Google will soon notify Chrome users of unsecure websites

  1. #1
    root Array Harold Mansfield's Avatar
    Join Date
    Aug 2008
    Location
    Las Vegas
    Posts
    9,343
    Likes (Given)
    1014
    Likes (Received)
    942

    Default Google will soon notify Chrome users of unsecure websites

    This is huge news.

    In an announcement published to the Google Security Blog on Thursday, the search giant said users of its Chrome browser will be warned when accessing non-secure websites, starting January 2017.
    Users won't be blocked from accessing non-secure sites, but they will be alerted when visiting an address that doesn't use an encrypted connection.
    From Google

    To help users browse the web safely, Chrome indicates connection security with an icon in the address bar. Historically, Chrome has not explicitly labelled HTTP connections as non-secure. Beginning in January 2017 (Chrome 56), we’ll mark HTTP sites that transmit passwords or credit cards as non-secure, as part of a long-term plan to mark all HTTP sites as non-secure.
    https://security.googleblog.com/


    This will undoubtedly have a huge impact on everyone. Whether or not your site asks for credit card or personal information, I'm sure no one wants their users and website visitors seeing that warning.

    Will any of you update your website security, or is it no big deal?
    WordPress Support WordPress Security Blog

    The best way to stop a bad guy with a computer, is with a good guy with a computer | Seeker.One

  2. Likes Brian Altenhofel liked this post
  3. #2
    Member Needs New Keyboard Array Brian Altenhofel's Avatar
    Join Date
    Sep 2012
    Location
    Oklahoma
    Posts
    900
    Likes (Given)
    109
    Likes (Received)
    180

    Default

    There's really no reason to not run HTTPS on everything today.
    || VMdoh - Drupal development, consulting, and support

  4. #3
    root Array Harold Mansfield's Avatar
    Join Date
    Aug 2008
    Location
    Las Vegas
    Posts
    9,343
    Likes (Given)
    1014
    Likes (Received)
    942

    Default

    I agree. And they've been telegraphing for a couple of years now that they give some weight to secure sites over non secure sites. Since we don't get all of the information about how they determine position, it's not out of line to think that it will become even more important in your SEO leading up to the full 2017 implementation.

    Basically they're telling us point blank to do this and have been for a while now. We should probably listen.
    WordPress Support WordPress Security Blog

    The best way to stop a bad guy with a computer, is with a good guy with a computer | Seeker.One

  5. #4
    Member Array
    Join Date
    Jul 2016
    Posts
    12
    Likes (Given)
    1
    Likes (Received)
    1

    Default

    The last time I looked, around 60% or more of websites didn't have HTTPS at all. It will be interesting to see how this rolls out as it could be really disruptive to search in general. On the other hand, it could create a lot of short term work for web designers in adding SSL certificates to sites.

    I will certainly look at updating all of my sites to add an SSL certificate.
    Neil

    www.VirtualHeadquarters.com We will look after your calls while you take care of business.

  6. #5
    Member Needs New Keyboard Array Brian Altenhofel's Avatar
    Join Date
    Sep 2012
    Location
    Oklahoma
    Posts
    900
    Likes (Given)
    109
    Likes (Received)
    180

    Default

    By the way - https://letsencrypt.org/ - free signed SSL certificates.
    || VMdoh - Drupal development, consulting, and support

  7. #6
    root Array Harold Mansfield's Avatar
    Join Date
    Aug 2008
    Location
    Las Vegas
    Posts
    9,343
    Likes (Given)
    1014
    Likes (Received)
    942

    Default

    Quote Originally Posted by Brian Altenhofel View Post
    By the way - https://letsencrypt.org/ - free signed SSL certificates.
    Brian have you used this before or are you currently using it?
    Was wondering if you have any feedback that you could share. Pros and cons.
    WordPress Support WordPress Security Blog

    The best way to stop a bad guy with a computer, is with a good guy with a computer | Seeker.One

  8. #7
    Member Array
    Join Date
    Sep 2016
    Posts
    14
    Likes (Given)
    0
    Likes (Received)
    1

    Default

    Quote Originally Posted by Harold Mansfield View Post
    Brian have you used this before or are you currently using it?
    Was wondering if you have any feedback that you could share. Pros and cons.
    Letsencrypt is a very good tool and now almost all shared hosting providers provide this service in their cpanel free of cost and the best thing its "Snowden" project and you can use it on unlimited domains but only the limitation is you have to renew it every 3 months but if this service is provided by your hosting then you do not need to do anything as they will take care of autorenewal

  9. #8
    Member Array Sarah K's Avatar
    Join Date
    Sep 2016
    Location
    South Carolina
    Posts
    23
    Likes (Given)
    3
    Likes (Received)
    2

    Default

    Thanks for the heads up! Shouldn't be a big deal for my websites, they don't directly sell anything, but good to know.

  10. #9
    Member Needs New Keyboard Array Brian Altenhofel's Avatar
    Join Date
    Sep 2012
    Location
    Oklahoma
    Posts
    900
    Likes (Given)
    109
    Likes (Received)
    180

    Default

    Quote Originally Posted by Harold Mansfield View Post
    Brian have you used this before or are you currently using it?
    Was wondering if you have any feedback that you could share. Pros and cons.
    I don't know how I missed this response. Might have checked the forums half asleep that day or something.

    Yes, I currently use it, but mostly for clients that only need to secure their login. The reason I don't use it for general e-commerce at this time is it's been unclear whether it would be considered a reputable signed certificate by insurers, so in those cases spending the $30 or less per year for a certificate from someone that is widely recognized outside of the the Internet world makes more since.

    The short lifetime (90 days) has one main benefit - smaller window of exposure in the event of a compromised private key.
    || VMdoh - Drupal development, consulting, and support

  11. #10
    Member With Stressed Keyboard Array dewalds86's Avatar
    Join Date
    Sep 2015
    Location
    Cape Town
    Posts
    43
    Likes (Given)
    0
    Likes (Received)
    1

    Default

    Does it refer to websites that dont have ssl or websites that are deemed unsafe due to antivirus?

Tags for this Thread

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •