In an effort to make web browsing more secure, Google has announced that Chrome 56 will warn users when they visit pages that aren’t secured by SSL and have a field for password entry.
This means that any site that doesn’t use the https:// protocol is potentially going to warn your users that your site is unsafe with a little icon and message in the address bar. This will happen in the next week or so.
Google’s long-term plan of making the web more secure starts with passwords and credit cards, but will eventually affect every website not using SSL security.
Here’s what Google had to say about it:
To help users browse the web safely, Chrome indicates connection security with an icon in the address bar. Historically, Chrome has not explicitly labelled HTTP connections as non-secure. Beginning in January 2017 (Chrome 56), we’ll mark HTTP pages that collect passwords or credit cards as non-secure, as part of a long-term plan to mark all HTTP sites as non-secure.
Luckily, there’s a quick fix. We can install an SSL certificate on your site to enable secure connections and keep Chrome’s warnings at bay. Domain-validated certificates are about $10 per year, and can be installed in less than an hour. We’ll then forcefully redirect all traffic hitting http:// to https://.
The important work, however, comes after. When you update the protocol (https://) your site uses, you’re technically changing the site’s address, and need to update all of the links in your content, as well as Google’s search index.
We can search and replace your site’s address within WordPress, and will run through the site manually to ensure that everything is working as intended. We’ll also run a full link scan to catch any potential misses.
To avoid losing your search engine ranking, we can file a site move with Google as a change of address. While this method is recommended by Google, they do say this:
With any significant change to a site, you may experience ranking fluctuations while Google recrawls and reindexes your site. As a general rule, a medium-sized website can take a few weeks for most pages to move in our index; larger sites can take longer.
Once this is complete, your site is ready to offer safe and secure browsing to your users!
Here are the at-a-glance steps for us to secure your website and avoid Chrome’s warnings:
You: Contact us and let us know you’d like to secure your site (we may be emailing you as well) – we take over from here.
- Purchase a domain-validated (DV) SSL certificate for your site
- Install the certificate on the server
- Test that your site can properly run secure connections
- Update your site’s code to work with https://
- Update your site’s address in WordPress
- Search and replace your site’s address in all links within the content of your site
- Enable 301 (permanent) redirects from all http:// traffic to https://
- Fully test the entire site (manually)
- Run a link scan to ensure that all links have been updated
- Add the new site address to Google Search Console
- Submit a dynamic sitemap to Google
- File a change of address (site move) with Google
- Monitor Google’s indexing updates (this happens over the next month or so)
Give us a shout or send us an email if you’d like to get started!
Stay safe out there.