Websites now require SSL certificate to avoid a “Not Secure” warning
All websites without an SSL certificate will get a ‘Not Secure’ warning in the browser from Chrome 68, currently rolling out as from July 24th 2018. This is on all pages, not just those requiring text or data entry as was previously the case.
Websites with any kind of text input have since Chrome 62 rolled out in Autumn 2017 required an SSL certificate to avoid a “Not Secure” warning when visitors enter data. An SSL certificate encrypts messages and information sent to your website. If one is installed on your site, Chrome will show the secure green padlock in the browser bar (other browsers show equivalent secure icons) and your site will have a https web address rather than a http one.
In practice this means visitors completing checkout forms, filling in contact forms or even search forms, or logging in to their account on sites without an SSL certificate currently see a Not Secure notice. All http sites in incognito mode now also show as insecure.
From Chrome 68, this will extend to every page on a site, whether in Incognito mode or not.
“Eventually, we plan to label all HTTP pages as non-secure, and change the HTTP security indicator to the red triangle that we use for broken HTTPS,” – Emily Schecter from Chrome Security Team.
Of course, when a visitor to your site sees this, it is highly unlikely that they will proceed. You are therefore highly recommended to get an SSL certificate as soon as possible. Furthermore, Google favours sites with an SSL certificate in search results – your site will be at an SEO disadvantage without one.
Many hosts offer a free SSL certificate via Let’s Encrypt or you may have one included in your hosting package. If not you may have to purchase one from your host. Please note that your site may need reconfiguring after the certificate is installed – for WordPress sites I highly recommend the Really Simple SSL plugin to help you with this.
This is an update of the original post from October 2017.