Websites with text input will require SSL certificate to avoid a “Not Secure” warning

padlocks on bridge

Websites with any kind of text input will require an SSL certificate if they want to avoid a “Not Secure” warning.  With its next update to Chrome 62 rolling out as I write, Google Chrome, the most-used web browser will begin showing sites without an SSL certificate as ‘Not secure’  when visitors enter data.  A SSL certificate encrypts messages and information sent to your website, and will show the secure green padlock in the browser bar (in Chrome). Sites with an SSL certificate also have a https web address rather than a http one.

In practice this means visitors completing checkout forms, filling in contact forms, entering information or logging in to their account, will see a Not Secure notice.

chrome not secure diagram

All http sites in incognito mode will also show as insecure. And furthermore, from some time next year, it is likely that Google will show all http sites as insecure as part of its drive to make the web a more secure place.

“Eventually, we plan to label all HTTP pages as non-secure, and change the HTTP security indicator to the red triangle that we use for broken HTTPS,” – Emily Schecter from Chrome Security Team.

Of course, when a visitor to your site sees this, it is highly unlikely that they will proceed.

chrome non secure warning

If your site requires visitors to fill in data via, for example, membership, checkout or contact forms you are highly recommended to get an SSL certificate as soon as possible. Furthermore, Google also slightly favours sites with an SSL certificate in search results.

Many hosts offer a free SSL certificate via Let’s Encrypt or you may have one included in your hosting package. If not you may have to purchase one from your host. 

Postscript

As far as I can tell, having just updated to Chrome 62, Google may have delayed full implementation. I think it is only marking as non-secure pages containing password and credit card input fields (as Firefox already does). I don’t see  a warning when I enter data into a contact form or even a WooCommerce checkout page.  Still, it’s only a matter of time. Seems it’s not doing it immediately for everyone, but no doubt it’s coming very soon.

Ah, apparently, Chrome rolls out features on a more experimental tentative basis –  see: https://textslashplain.com/2017/10/18/chrome-field-trials/