Chrome now marks HTTP pages as “Not secure” if they have password or credit card fields. Beginning in October 2017, Chrome will show the “Not secure” warning in two additional situations: when users enter data on an HTTP page, and on all HTTP pages visited in Incognito mode.

Soon after this update, the Chrome team plans to show the “Not secure” warning for all HTTP pages, even outside Incognito mode. They will publish updates as they approach future releases, but don’t wait to get started moving to HTTPS.

HTTPS is a must-have for progressive websites and web apps. In the video below, the Google dev team debunks some common myths and fears about HTTPS, shows you why it’s an essential feature, and dispense some tips and tricks for getting a shiny green lock on your site.

 

HTTPS not only secures your site, it tremendously speeds up your website because of HTTP/2, which requires HTTPS by HTTP/2-compatible browsers. HTTPS is easier and cheaper than ever before, and it enables both the best performance the web offers and powerful new features that are too sensitive for HTTP. Check out Google’s set-up guides to learn more. The video above also discusses HTTP/2 in more detail starting at 17:00 or so (jump to that time: https://youtu.be/e6DUrH56g14?t=1020)

HTTP/2 is the first major upgrade to the HTTP protocol in over 15 years. Websites have changed dramatically in the interim, with the number of external image, CSS, and JavaScript assets growing by the year. HTTP/1.1 wasn’t designed for this kind of complexity. HTTP/2 is optimized for the modern website, improving performance without complicated hacks like domain sharding and file concatenation. Adopting HTTP/2 speeds up your website without any changes to your existing codebase.

See the speed difference yourself here! This website shows the drastic difference very well: HTTP vs HTTPS

One way to easily get your website onto HTTPS is by using the free content delivery network (CDN) service Cloudflare. Cloudflare is great for almost any site for it’s security and caching benefits alone, but it now offers free HTTPS, and provides free HTTP/2 capabilities with the click of a button, even if your web host doesn’t yet support HTTP/2.

Cloudflare generates and gives you a free, 15-year (no renewal fees!) SSL certificate that you can then install within your hosting control panel, and then switch your website URL over to HTTPS. For WordPress websites, that process is pretty simple: set the Home and Site URLs to use HTTPS, and then use a database search and replace plugin to replace http://domain.com strings with https://domain.com – that’s about it. Optionally, now is also a good time to stop using “www.” on the front of your website – that’s outdated and kinda silly these days, but test everything, including old links.

We can help you implement the above if you need help, just reach out.