Big Security Changes in 2017
There are big changes for website owners in 2017. In late January, Google’s Chrome web browser version 56 has a significant change in how websites are displayed. Currently, visitors see a “Not Secure” message for websites that process credit cards, collect personal information, or passwords and don’t have an SSL certificate (Secured Socket Layer).
You may be thinking my website doesn’t process credit cards or take any passwords or personal information. January’s change was only phase 1 for 2017, as Google plans to display a “Not Secure” message for all websites that are not using SSL certificates in the future.
BearCreek Web Works Position
The web is a great platform for businesses to operate, and we are in favor of making this environment as secure as possible. The “Not Secure” message is intended to have visitors think twice about processing credit cards or providing personal information on sites without an SSL Certificate. In reality, non-technical visitors may read the message as a warning to stay off the site completely.
As we are passionate about helping small businesses grow, we want our clients websites displayed in the most positive light. So, BearCreek is offering free Let’s Encrypt SSL certificates to our clients that host their website with us. Depending upon the nature of your business, a paid SSL certificate may be a better option for you. By providing this for our clients, your website will continue to operate seamlessly in 2017 without visitors getting the “Not Secure” message.
To add your free Let’s Encrypt SSL certificate, login to your Client Portal, select your hosting account and Let’s Encrypt SSL will be an option in the Addons & Extras drop-down menu. If you have any questions submit a ticket or give us call.
What Does an SSL Certificate Do?
This is a very technical thing to talk about, but we will try to explain it in simple terms. Websites that are not using SSL certificates will show up in your browser window as HTTP://example.com or HTTP://www.example.com. They will not display a green security padlock. It looks like the URL address below:
HTTP (Hyper Text Transfer Protocol) – URL addresses that begin with HTTP are sharing information on the internet in its original form, basically as plain text. This will allow anyone who gains access to view that information.
Websites that are using SSL certificates will show up in your browser window as HTTPS://example.com or HTTPS://www.example.com. They will display a green security padlock. It looks like the URL address below:
HTTPS (Hyper Text Transfer Protocol Secure) – URL addresses that begin with HTTPS are sharing plain text information, but the information gets “scrambled” into character strings via an SSL certificate. Only the receiving and sending computers can view the information. Others may be able to access it, but they will not be able to read it because the information is so scrambled.
It’s Best to Stay Ahead of the Changes
The Chrome browser accounts for almost 50% of browser usage. Even though Chrome is the first to make these security changes, the likelihood that other browsers will follow suit is fairly certain. Take advantage of our free Let’s Encrypt offer, and take the time to add this service to your hosting account. This will ensure your visitors feel safe and secure on your website.
For the January changes to Chrome, the website forms that are not secure will begin to look like this:
As previously mentioned, this is the first phase in a larger effort to get all websites to move from HTTP to HTTPS.
An upcoming release in Google Chrome will label all non-HTTPS pages as “Not secure” in incognito mode because users in this mode expect higher levels of privacy.
In the final phase, Chrome will label all plain HTTP pages as “Not secure”. It will look like this:
Other Considerations for the Change
There are other benefits to making this change sooner rather than later. Outside of the obvious advantages of maintaining your business flow and increasing the security of your website, Google places a higher emphasis on search engine rankings for websites using an SSL certificate. This is a great way to improve your SEO through organic searches on the Internet.