Google: Chrome will mark all HTTP sites as not secure

[djbaxter]

A secure web is here to stay
by Emily Schechter, Chrome Security Product Manager, Google Security Blog
February 8, 2018

For the past several years, we’ve moved toward a more secure web by strongly advocating that sites adopt HTTPS encryption. And within the last year, we’ve also helped users understand that HTTP sites are not secure by gradually marking a larger subset of HTTP pages as “not secure”. Beginning in July 2018 with the release of Chrome 68, Chrome will mark all HTTP sites as “not secure”.

In Chrome 68, the omnibox will display “Not secure” for all HTTP pages.

Developers have been transitioning their sites to HTTPS and making the web safer for everyone. Progress last year was incredible, and it’s continued since then:

• Over 68% of Chrome traffic on both Android and Windows is now protected
• Over 78% of Chrome traffic on both Chrome OS and Mac is now protected
• 81 of the top 100 sites on the web use HTTPS by default

Chrome is dedicated to making it as easy as possible to set up HTTPS. Mixed content audits are now available to help developers migrate their sites to HTTPS in the latest Node CLI version of Lighthouse, an automated tool for improving web pages. The new audit in Lighthouse helps developers find which resources a site loads using HTTP, and which of those are ready to be upgraded to HTTPS simply by changing the subresource reference to the HTTPS version.

Chrome’s new interface will help users understand that all HTTP sites are not secure, and continue to move the web towards a secure HTTPS web by default. HTTPS is easier and cheaper than ever before, and it unlocks both performance improvements and powerful new features that are too sensitive for HTTP. Developers, check out our set-up guides to get started.

 

[JM35]

Welp, looks like its time to spend $100 for every website I own to get an SSL for each. Even though none of them sell products

 

[djbaxter]

Welp, looks like its time to spend $100 for every website I own to get an SSL for each. Even though none of them sell products

You may not need to spend anything. cPanel now provides domain certificates free, signed by Comodo, with a cPanel license so if your host uses cPanel ask about that. That allows you to use an SSL encrypted connection.

It's not just about ecommerce though. It's also about any site that you or visitors may need to log into, which is pretty much any site. Ultimately, it's about securing personal information including passwords.

 

[MillennialMotivator]

I will have to revisit me shell sites to make sure they are HTTPS:// thanks for this!