Non-HTTPS Sites Labeled “Not Secure”

with No Comments

by Chrome

On approximately January 31st of this year, version 56 of the Chrome web browser will be released. There is a significant change in the way it displays websites that are using non-HTTPS protocol. This change may confuse your site visitors or surprise you if you are not expecting it.

non-https alertStarting with the release of Chrome 56 this month, any website that is not running HTTPS will have a message appear in the location bar that says “Not Secure” on pages that collect passwords or credit cards. It will look like this:

This is the first part of a staged rollout that encourages websites to get rid of plain old HTTP.

In an upcoming release Google Chrome will label all non-HTTPS pages in incognito mode as “Not secure” because users using this mode have an increased expectation of privacy.

The final step in the staged rollout will be that Chrome will label all plain HTTP pages as “Not secure”. It will look like this:

non-https

 

What to do if your site is not HTTPS

We recommend you start by looking at the support documentation that your hosting provider offers to find out how to set up SSL on their system. You will find that some hosting providers have a very easy installation method. If you ignore this and decide to configure things manually you may be making life more difficult for yourself.

Google has a technical description of how to implement SSL on your website. You will also find many guides describing how to set up SSL for WordPress with a simple Google search. But definitely start by visiting your hosting provider support documentation or doing a google search for your hosting provider name and ‘SSL installation’ without quotes.

If you have already set up SSL on your site, congratulations!  You are all set and ready for the new change in Chrome 56 coming later this month.

Please share this with the broader WordPress community to promote the use of SSL across all websites and to help other WordPress site owners stay secure.

(source: Mark Maunder – Wordfence Founder/CEO).

Https on Mozilla Firefox

firefox secure
Secure connection on Firefox

Starting in Firefox version 51, Firefox will display a lock icon with red strike-through in the address bar when a login page you’re viewing does not have a secure connection. This is to inform you that if you enter your password it could be stolen by eavesdroppers and attackers.

Look for an icon in your address bar to determine if the page has mixed content.

No mixed content: secure
firefox secureYou’ll see a green lock when you are on a fully secure page. To see if Firefox has blocked parts of the page that are not secure, click the green lock icon. For more information, see the Unblock mixed content section at this link.

 

Mixed content is not blocked: not secure
non-httpsIf you see a lock with a red line over it, Firefox is not blocking insecure elements, and that page is open to eavesdropping and attacks where your personal data from the site could be stolen. Unless you’ve unblocked mixed content you shouldn’t see this icon.
firefox mixed contentA grey lock with an orange triangle indicates that Firefox is not blocking insecure passive content. Attackers may be able to manipulate parts of the page, for example, by displaying misleading or inappropriate content, but they shouldn’t be able to steal your personal data from the site.

 

Leave a Reply