Chrome security warnings: our response
Google has taken a fairly major step towards a secure public internet this month by announcing that, from October 2017, it’ll mark http pages with forms on as ‘Not Secure’ in Chrome.
The company recently sent out notifications to all Google Search Console managers outlining this update with an email along the lines of:
“Chrome will show security warnings for [domain name]. Beginning in October 2017, Chrome will show the ‘Not secure’ warning in two additional situations: when users enter data on an HTTP page, and on all HTTP pages visited in Incognito mode.”
The email went on to explain which pages on your particular website were insecure and how to address the issue. Understandably, we got quite a few enquiries from concerned clients about this.
Above: that email in all it’s glory. You might have had one of these too.
As a result, we’ve chosen to step up our game and upgrade all of our managed & support hosting clients’ websites to SSL over the next few days. This one’s on us – free of charge. All part of the service, folks.
What’s SSL all about?
Secure Socket Layers, or SSL, is an encrypted format for passing data around a network (in this case, the web).
You can tell when it’s in place, because a little green padlock should appear next to the website address (as it does on this page) and the site address should have https:// in front of it (instead of plain ol’ http).
In the early days, SSL was only used on pages that transmitted sensitive information – user details, passwords and/or payment information being the most common. It also had a cost implication, as website owners would be required to purchase a security certificate, which required renewal every year, ranging in cost but typically starting from around a hundred pounds or so.
As a result, most client’s websites didn’t need it and, as a result of that, we didn’t push it unless we felt it was necessary.
However: as the technology has spread, costs have fallen and it’s now much easier than it was to run a site on SSL. What’s more, it’s now faster to load (because it can use the new http2 rather than http), and last-but-not least, it’s one of Googles ranking signals – so it’ll give your website an additional wee boost for getting found by the search engine too.
What’s Creatomatic doing about it?
When Google announced this update, we spent a bit of time looking into the options.
Manually upgrading sites on an ad-hoc or on-request basis is inefficient. Instead, we established that, by processing our servers in bulk, we could upgrade ALL of our clients’ sites onto SSL with relatively minor cost implications to us, and zero downtime or service interruption for you – in fact, we eventually decided to provide this service for free to all Creatomatic clients with sites hosted on one of our own dedicated servers (that’s roughly 90% of you lovely people).
We’ve purchased the necessary tools and have been busy working through this update this week.
Will this affect my website?
It should – yes. In a good way, though:
- You’ll see a green padlock appear next to your website address to indicate to people viewing it that it’s secure.
- Your site should load marginally more quickly than before.
- In the future, you should see an improved search engine ranking.