Chrome now marks HTTP pages as “Not secure” if they have password or credit card fields. Beginning in October 2017, Chrome will show the “Not secure” warning in two additional situations: when users enter data on an HTTP page, and on all HTTP pages visited in Incognito mode.
Soon after this update, the Chrome team plans to show the “Not secure” warning for all HTTP pages, even outside Incognito mode. They will publish updates as they approach future releases, but don’t wait to get started moving to HTTPS.
HTTPS is a must-have for progressive websites and web apps. In the video below, the Google dev team debunks some common myths and fears about HTTPS, shows you why it’s an essential feature, and dispense some tips and tricks for getting a shiny green lock on your site.
HTTPS not only secures your site, it tremendously speeds up your website because of HTTP/2, which requires HTTPS by HTTP/2-compatible browsers. HTTPS is easier and cheaper than ever before, and it enables both the best performance the web offers and powerful new features that are too sensitive for HTTP. Check out Google’s set-up guides to learn more. The video above also discusses HTTP/2 in more detail starting at 17:00 or so (jump to that time: https://youtu.be/e6DUrH56g14?t=1020)
See the speed difference yourself here! This website shows the drastic difference very well: HTTP vs HTTPS
One way to easily get your website onto HTTPS is by using the free content delivery network (CDN) service Cloudflare. Cloudflare is great for almost any site for it’s security and caching benefits alone, but it now offers free HTTPS, and provides free HTTP/2 capabilities with the click of a button, even if your web host doesn’t yet support HTTP/2.
Cloudflare generates and gives you a free, 15-year (no renewal fees!) SSL certificate that you can then install within your hosting control panel, and then switch your website URL over to HTTPS. For WordPress websites, that process is pretty simple: set the Home and Site URLs to use HTTPS, and then use a database search and replace plugin to replace http://domain.com strings with https://domain.com – that’s about it. Optionally, now is also a good time to stop using “www.” on the front of your website – that’s outdated and kinda silly these days, but test everything, including old links.
We can help you implement the above if you need help, just reach out.
Here\’s the 10 steps to move your WordPress website to Cloudflare, HTTPS, and HTTP/2:
1: Sign up for Cloudflare. Add your domain(s), choose the Free plan.
2: Verify the DNS records were imported into Cloudflare completely. If not, recreate missing DNS records as needed.
3: Change the name servers on the domain(s) to the Cloudflare name servers.
4: Wait a few hours, test to ensure everything is working through Cloudflare.
5: In hosting CP, switch domain(s) to a dedicated IP address if the server says it\’s needed for SSL, and update Cloudflare DNS with the new IP. (Some server configurations don\’t support shared IPs for SSL)
6: In Cloudflare under Crypto, generate the Origin server cert, copy the cert and especially the key file, since it\’s only displayed once.
7: Install the cert and key files in the hosting CP under Import SSL Certificate, paste in the key and then the cert files.
8: Search/replace in WordPress \’http://domain.com\’ with \’https://domain.com\’, all tables.
9: Test everything out, ensure there are no mixed content errors, etc. Turn on HTTPS in Cloudflare.
10: Enjoy HTTPS security and HTTP/2 speed!
Rob, I don\’t have a WP site. I don\’t do orders for anything. No one has to sign in on my websites. Plus, I\’m totally inept at this stuff.
Hi Susan, yes for your site, no worries… this is geared more towards active blog sites or ecommerce sites, etc, where forms could contain email addresses or other personal information.