Websites will require SSL certificate to avoid a “Not Secure” warning

padlocks on bridge


Google has announced that all websites without an SSL certificate will get a ‘Not Secure’ warning in the browser from Chrome 68, currently expected to roll out in July 2018. This is on all pages, not just those requiring text or data entry as is currently the case. 

Websites with any kind of text input have since Chrome 62 rolled out last Autumn required an SSL certificate to avoid a “Not Secure” warning when visitors enter data.  An SSL certificate encrypts messages and information sent to your website. If one is installed on your site, Chrome will show the secure green padlock in the browser bar (other browsers show equivalent secure icons) and your site will have a https web address rather than a http one.

In practice this means visitors completing checkout forms, filling in contact forms or even search forms,  or logging in to their account on sites without an SSL certificate currently see a Not Secure notice.  All http sites in incognito mode now also show as insecure. 

chrome not secure diagram

From Chrome 68, this will extend to every page on a site, whether in Incognito mode or not.

“Eventually, we plan to label all HTTP pages as non-secure, and change the HTTP security indicator to the red triangle that we use for broken HTTPS,” – Emily Schecter from Chrome Security Team.

chrome non secure warning

Of course, when a visitor to your site sees this, it is highly unlikely that they will proceed. You are therefore highly recommended to get an SSL certificate as soon as possible. Furthermore, Google favours sites with an SSL certificate in search results – your site will be at an SEO disadvantage without one.

Many hosts offer a free SSL certificate via Let’s Encrypt or you may have one included in your hosting package. If not you may have to purchase one from your host. Please note that your site may need reconfiguring after the certificate is installed – for WordPress sites I highly recommend the Really Simple SSL plugin to help you with this.

This is an update of the original post from October 2017.