BFI®, business clicks with us

We're recruiting! Find out more

0845 519 4727

If you can't compete online...
then you can't compete

... and now
2 offices!

1 Team,
established
1996 working
with over
1,700 clients
to date

Google Chrome to warn about non-HTTPS pages

December 12th, 2016, by

The web is moving toward a time where all websites use SSL on all pages by default:

.

A secure SSL certificate was previously only necessary for checkout pages and those handling sensitive data. At BFI we’ve tended to only recommend them for websites that don’t outsource card handling to pages hosted by SagePay, PayPal or similar.

Since 2014 Google has been gently guiding us towards a more secure web – a project they called “HTTPS Everywhere” – indicating that in the future HTTPS would be used as a ranking signal (albeit a tiny one) when determining where to rank website pages in the search results. So far, the impact of that has been very minor.

Fast forwarding to the end of 2016, Google have stepped up the encouragement, releasing an update to the Chrome web browser that will “mark HTTP pages that collect passwords or credit cards as non-secure, as part of a long-term plan to mark all HTTP sites as non-secure.

Chrome will mark HTTP pages that collect passwords or credit cards as non-secure

This is part of a plan to eventually mark all HTTP pages as “Not secure”, regardless of their nature:

Eventual treatment of all HTTP pages in Chrome

What does this mean for me?

In the short-term, it means that from the end of January 2017, websites with log-in pages – members areas, customer accounts, back-end admin pages etc. – that don’t use HTTPS:// in the URL will show a “Not secure” message in the address bar on Chrome:

Log-in pages without HTTPS will show a warning

Although Google Chrome will be the first browser to do this (Chrome has 46% of the UK market share), Firefox follows closely (11% of UK market share). It’s only a matter of time before the remaining browsers (Safari, 21%) and Microsoft Edge (6%) do the same.

To prevent this “Not secure” message showing on your log-in pages, it’s best to upgrade your website to use SSL.

In the long-term, Chrome will be warning when ANY page is not secure, so at BFI we’ll be building all new sites with “HTTPS everywhere” by default.

Eventual treatment of all HTTP pages in Chrome

What should I do now?

You can now order the upgrade for your site online. For most sites a basic certificate will cost £49/year + VAT and it’ll cost £85 + VAT to implement for a ‘normal’ GetTrolleyed, WordPress or WooCommerce site.

Upgrades will be applied on a first-come-first-served basis, so we would urge you to book your upgrade quickly (and pay online) to avoid delay: