What is happening?
Website owners, bloggers, beware of big changes coming up. If your website is not yet secured with HTTPS, in the near future, your visitors that use Google Chrome or Chromium browsers will be warned of using Not secure website. This is big, your users will be warned they are not on the secure website and from October 2018, if they enter any data on the website, a red warning will appear.
About 60% of the internet population use Chrome and Chromium browsers, so make sure you switch to HTTPS as soon as possible.
What will be the result?
Until now, when you visited an HTTP unsecured website, http://example.com, Chrome and Chromium browsers would just display it without any warning. On a secured website, the browser would display a green lock icon with Secure marking and https: part of URL in green color.
According to Google Blog, as of September 2018 every unsecured website, meaning websites with URL that starts with http:// instead of https:// will be marked as unsecured in Google Chrome and Chromium browsers.
Starting from July 2018, if your Chrome version is up to date, you will notice a Not secure warning left of URL on unsecured HTTP websites.
Eventually from September 2018, marking Secure will be removed, by default if the site is HTTPS secured, it will not show any marking, only unsecured sites will be marked Not secure.
In October 2018 it will start showing a red Not Secure warning when a user enters data on an unsecured website.
What is HTTPS anyway?
Hypertext Transfer Protocol (HTTP) is the foundation of data communication for the World Wide Web. All browsers understand the HTTP protocol, they can communicate using HTTP with servers, and the result is a website displayed on your screen.
HTTPS is HTTP Secure, not going to technical details, HTTPS is HTTP encrypted using Transport Layer Security (TLS). In past you may have heard of Secure Sockets Layer (SSL), SSL is the predecessor of TLS.
Why is securing your website important?
If you browse an unsecured website and you enter any information into a web form, it may be your username, password, date of birth, credit card information, bank account information – on your network it all can be listened to very easily without any special tools and basic networking knowledge, this is usually called eavesdropping.
The most common scenarios are when you share WiFi network with a roommate or more users, public WiFi ( internet cafe, public transport, school, restaurant, … ), but even badly setup company network or school network can be dangerous.
Once data between the server and the client is securely encrypted with HTTPS, it is very hard to impossible to eavesdrop over the network.
If your website collects private personal information, credit card information or any other sensitive data, it is important that you switch to the secured protocol as soon as possible. Most of the credit card processors do not allow unsecured websites to collect credit card information over unsecured protocol anyway.
Securing your website protects your clients as well because, over HTTPS, customers privacy is protected too. When your customers access your website over HTTPS, their Internet Service Provider (ISP) can not track them too. ISP will not be able to see what data your customers share with you, but if well setup, ISP will not be able to see even that the customer is visiting your website.
How we deal with HTTPS on Canagon.com
On Canagon.com, we never allowed unsecured websites, by default, all websites built by Canagon are secured with LetsEncrypt, the leading open certificate authority. Sponsors of LetsEncrypt are companies like Chrome, Mozilla, Akamai, Cisco, Facebook GitHub and many more.
Users that prefer other than LetsEncrypt certificate and purchased their own certificate from different certificate authority can as our support team to upload the certificate and connect it to their website.
All our websites are secured by default. Customers that enter URL without HTTPS are automatically redirected to the secured version of the website.