🐳 Join us on Spoutible @kaleidaweb.

Coding + designing from our office in Easton, MA.

No HTTPS? Not on my watch.

Post by Dani

On May 9, 2017
Good news for all of my WordPress web design clients who use my hosting services. As of this weekend, ALL of my WordPress sites will have a SSL certificate and run HTTPS exclusively. HTTPS enables both the best performance the web offers and powerful new features that are too sensitive for HTTP.  

A bit of history: In January, Google began their quest to improve how Chrome communicates the connection security of HTTP pages. Chrome now marks HTTP pages as “Not secure” if they have password or credit card fields. Beginning in October 2017, Chrome will show the “Not secure” warning in two additional situations: when users enter data on an HTTP page, and on all HTTP pages visited in Incognito mode.

Treatment of HTTP pages in Chrome 62

Google’s plan to label HTTP sites as non-secure is taking place in gradual steps, based on increasingly broad criteria. Since the change in Chrome 56, there has been a 23% reduction in the fraction of navigations to HTTP pages with password or credit card forms on desktop, and they are ready to take the next steps.

Passwords and credit cards are not the only types of data that should be private. Any type of data that users type into websites should not be accessible to others on the network, so starting in version 62 Chrome will show the “Not secure” warning when users type data into HTTP sites.

Treatment of HTTP pages with user-entered data in Chrome 62

When users browse Chrome with Incognito mode, they likely have increased expectations of privacy. However, HTTP browsing is not private to others on the network, so in version 62 Chrome will also warn users when visiting an HTTP page in Incognito mode.

Eventually, Google plans to show the “Not secure” warning for all HTTP pages, even outside Incognito mode.