Chrome Will Flag HTTP Sites As Not Secure
Security on the web is important even if your website isn’t collecting and processing consumer data and payments. Using the secure protocol (HTTPS) has been the norm for transactional sites for years; but starting in July 2018, Google Chrome will begin flagging sites that don’t use HTTPS as insecure.
Sites that are secure will display with a green lock and the word “Secure” next to the URL in the browser. Those that are not secure will display with an information icon and the words “Not secure.” Being flagged in this way may erode users’ confidence in you, so you’ll need to take steps to secure your site.
Why You Should Be Using HTTPS
If you don’t process payments or collect sensitive data from visitors to your site, you might be wondering whether you need to use HTTPS. The short answer is yes.
Every website collects data, and public awareness of privacy is high. The primary result of big data breaches like the one at Equifax is a heightened level of concern about privacy and web security. Consumers know that their data (and even their online behaviour and preferences) can be used in various ways. Sites that don’t prioritise privacy can take a big hit in terms of trust.
Regardless of what industry you’re in, you need your clients to trust you. Using HTTPS lays the groundwork for trust by showing that you take security seriously.
Get a Free Comodo SSL Certificate
The first thing you’ll need to secure your site is an SSL certificate. LocalNode uses cPanel, which provides a free cPanel cross-signed Comodo SSL to all of our clients.
We have enabled AutoSSL, which means that we will automatically attempt to install the SSL certificate on your domain. However, you can also choose to install the SSL certificate yourself using cPanel, which comes free with all our accounts.
You can find step-by-step instructions to install your Comodo SSL certificate through cPanel in this article. It should take only a few moments and then you can be sure that your site is safe for your customers to use.
Forcing HTTPS on Your Websites
After you have installed your SSL certificate, the next step is to force visitors to your site to view the HTTPS version of the site. That’s the best way to avoid security breaches that might be caused if someone inadvertently used the unsecured version of your site.
A common mistake that people make is simply redirecting traffic from their HTTP content to HTTPS content. However, hackers are able to essentially hijack those redirects using tools like SSLStrip. If they do that, then the user’s sensitive information – including credit cards and other personal data – may be easily stripped during the transaction.
The solution is to force all traffic to the secured version of your site. You can find simple instructions on how to do that in our Knowledgebase post on that topic. We’ve included instructions to force HTTPS on all sites as well as on a single domain. However, we strongly recommend that users of our superior network force HTTPS on all sites. It’s the best way to keep your site secure and avoid giving bad actors a way to access your valuable data.
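To check whether a site only redirects or actually pins browsers to HTTPS, the sketch below audits captured responses. It is an added example, not LocalNode's or cPanel's code. It assumes the Strict-Transport-Security (HSTS, RFC 6797) header, which this page does not name, as the control that stops a browser from making the plain-HTTP request a stripping tool depends on; the host `example.test`, the one-year threshold and the sample responses are constructed.

```python
from urllib.parse import urlsplit

ONE_YEAR = 31536000  # assumed minimum max-age; pick the value your policy requires

def parse_hsts(value):
    """Parse a Strict-Transport-Security value into (max_age, include_subdomains)."""
    max_age, include_sub = None, False
    for part in value.split(";"):
        name, _, arg = part.strip().partition("=")
        name = name.strip().lower()
        if name == "max-age":
            arg = arg.strip().strip('"')
            max_age = int(arg) if arg.isdigit() else None
        elif name == "includesubdomains":
            include_sub = True
    return max_age, include_sub

def audit(host, http_resp, https_resp, min_age=ONE_YEAR):
    """Return findings for one site; each response is a (status, headers) pair
    captured from http://host/ and https://host/ respectively."""
    findings = []
    status, headers = http_resp
    target = urlsplit({k.lower(): v for k, v in headers.items()}.get("location", ""))
    if status not in (301, 308):
        findings.append("http: no permanent redirect")
    elif target.scheme != "https" or target.hostname != host:
        # First hop should stay on the same host so that host can set HSTS itself.
        findings.append("http: redirect is not to https on the same host")
    _, headers = https_resp
    hsts = {k.lower(): v for k, v in headers.items()}.get("strict-transport-security")
    if hsts is None:
        findings.append("https: no HSTS header, later http:// visits rely on the redirect")
    elif (parse_hsts(hsts)[0] or 0) < min_age:
        findings.append("https: HSTS max-age too short")
    return findings

# Constructed sample captures for the placeholder host example.test
REDIRECT_ONLY = ((301, {"Location": "https://example.test/"}),
                 (200, {"Content-Type": "text/html"}))
WITH_HSTS = ((301, {"Location": "https://example.test/"}),
             (200, {"Strict-Transport-Security": "max-age=31536000; includeSubDomains"}))
NO_REDIRECT = ((200, {}), (200, {"Strict-Transport-Security": "max-age=300"}))

if __name__ == "__main__":
    for label, sample in [("redirect only", REDIRECT_ONLY),
                          ("redirect + HSTS", WITH_HSTS),
                          ("no redirect", NO_REDIRECT)]:
        print(label, "->", audit("example.test", *sample) or "ok")
```

A site in the "redirect only" state still sends every returning visitor's first request over plain HTTP, which is the request an on-path attacker can intercept.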
Google has already started flagging sites that are not secure. If you have not already installed your free SSL certificate and forced users of your website to access the HTTPS version of it, you’ll need to take care of it right away. It’s the only way to secure the data you collect from customers and make the most of your First Class Hosting with us.