Read about our mission to simplify development

Coming Soon… Non-HTTPS Sites Labeled “Not Secure” by Chrome

Coming Soon… Non-HTTPS Sites Labeled “Not Secure” by Chrome

Posted on September 16, 2016

Sometime this month (January 2017), Google will be releasing version 56 of the Chrome web browser. There is a significant change in the way it displays websites that are not using HTTPS, also known as SSL. This change may confuse your site visitors or surprise you if you are not expecting it. Starting with this release, any website that is not running HTTPS will have a message appear in the location bar that says “Not Secure” on pages that collect passwords or credit cards. It will look like this:

HTTPS will have a message appear in the location bar that says Not Secure

This is the first part of a staged rollout that encourages websites to get rid of plain old HTTP. In an upcoming release Google Chrome will label all non-HTTPS pages  in incognito mode as “Not secure” because users using this mode have an increased expectation of privacy. The final step in the staged roll out will be that Chrome will label all plain HTTP pages as “Not secure”. It will look like this:

Chrome will label all plain HTTP pages as Not secure

The Impact on You, the Website Owner

So, once again, starting on approximately January 31st of this month, any page on your website that is non-HTTPS and has a password form or credit card field will be labeled as “Not secure” in the location bar by Google Chrome. This may confuse your site visitors who sign in to your website because they may interpret the message to indicate that your website has been compromised. They could also interpret the message to mean that your site has some underlying security issue other than being non-HTTPS. The current timeline for the release of Chrome 56 is unclear. The official statement from Google indicates it will be released some time in “January”

However, based on the Chromium development calendar  it looks like Chrome 56 may be released on January 31st. You’ll notice that calendar says “Estimated stable dates” and is subject to change. Assuming Chrome 56 will be released on January 31st, that gives you two weeks starting today to get your site running on 100% SSL to avoid the new “Not secure” message appearing on your login pages.

What to do if Your Site is Not Using HTTPS

We recommend you contact your webhost and have them install the SSL certificate for you, or call us.

Google has a technical description of how to implement SSL

on your website if you are so inclined to understand more about the process. You will also find many guides describing how to set up SSL with a simple Google search. But definitely start by visiting your hosting provider support documentation or doing a google search for your hosting provider name and ‘SSL installation’ without quotes. If you have already set up SSL on your site, congratulations!  You are all set and ready for the new change in Chrome 56 coming later this month.