Google Chrome SSL HTTPS update 2017

Google Chrome More secure web SSL HTTPS update 2017

In September 2016 The Google security blog posted the "Moving towards a more secure web" article. Google wants to help users browse the web more safely in 2017.

Up until 2017 Google never labelled unsecure connections. However from January 2017 with the Chrome update to 56 they started to mark HTTP pages as non-secure, as part of a long-term plan to mark all HTTP sites as non-secure.

example of non secure chrome website Prior to adding SSL to our website:

 

example of secure chrome websiteAfter adding SSL to our website:

 

What the benefit of having a site which uses SSL?

Not only does having your website secure help keep visitors to your website’s information safe, having SSL on your website keeps their mind at ease as well because it also provides authentication. So even if you don't take secure payments the fact your website is secure helps. If you had the option of entering information on a secure or unsecure website what would you choose?

What the difference between http and https?


HTTP (HyperText Transfer Protocol) and HTTPS (HyperText Transfer Protocol Secure) are both protocols, or languages, for passing information between web servers and clients. You simply need to know HTTPS is a secure and HTTP is unsecure.

When you load a website over HTTP, it could mean someone else could look at or modify the site before it gets to you. In an era where concerns about information security are rising and the need to protect personal data becomes paramount, these new security indications will allow users to make an informed decision about which sites to trust with sensitive information such as passwords and payment credentials.

Eventually, Chrome will show a Not Secure warning for all pages served over HTTP, regardless of whether or not the page contains sensitive input fields

HTTPS is also known as SSL. Hosting companies usually charge around £60 per year to add SSL however their are alternatives like Cloudflare and Lets Encrypt.

How easy is it to make my website secure with SSL?

Adding SSL can be complicated and not as simple not as putting https in front of your web address. All the navigation needs to be updated to reflect the change from http to https. All navigation links should be absolute ie https://www.yourwebsite.co.uk/contact.htm and not contact.htm

SSL comes in the form of a certificate issued to each domain and needs to be added prior to the site being shown to a user. The links on each page need to be pointing to secure pages any non-secure images, scripts and css files could trigger a warning message in browsers.

Hosting companies usually charge around £60 per year just for the SSL certificate, however their are alternatives like Cloudflare and Lets Encrypt which issue free certificates, though they do have limitations.

 

What MJS Website Design is doing


We now advise all clients to move towards HTTPS SSL, using either SSL provided at source through their own hosting company or if we provide hosting through Cloudflare's SSL. You can read the article by clicking on the following link https://security.googleblog.com/2016/09/moving-towards-more-secure-web.html

contact MJS Website DesignMore Information
If you would like further information you can go to our contact page, where you can request our current prices, and further information, all without any obligation.