By now, most bloggers and website owners have seen this message coming through on their email if you’ve claimed your space on the Google Console (Webmaster Tools) page. For everyone who hasn’t, especially people not in the states, here’s one for this site:
To owner of https://www.imjustsharing.com,
Starting October 2017, Chrome (version 62) will show a “NOT SECURE” warning when users enter text in a form on an HTTP page, and for all HTTP pages in Incognito mode.
The following URLs on your site include text input fields (such as < input type="text" > or < input type="email" >) that will trigger the new Chrome warning. Review these examples to see where these warnings will appear, so that you can take action to help protect users’ data. This list is not exhaustive.
If you think that sounds bad, check out Google’s blog post on connection security. I’m not gonna lie, it sounds really scary for those of us who have websites, especially those of us who aren’t really sure what any of this means.
By “us” I mean you, because I do have an understanding. That’s why I’m writing this post to explain what’s coming and why most of us don’t really have to worry about it… unless you want to be worried about it.
These days, for most sites on the internet all you have to do is type in the page name followed by .com, .net or whatever. Sometimes you don’t notice anything special about the link to the site when it comes up; other times you’ll see “https”. Whenever you see that, it means the site is secure, which further means that any information you put in on those sites is protected from outside sources.
The Google people, via Chrome, have decided that by October, any site you visit that possibly lets you put information of any kind in will be highlighted with that “NON SECURE” notification. Right now, if you go to a https site you’ll see the word “secure” with a lock next to it telling you it’s secure (obviously).
If you visit a site that’s not considered secure, you won’t see anything… for now. By the way, other browsers will also show you that lock if you want to check it out, but right now none of the rest are telling us that they’re going to scare our visitors with that warning message.
Why is it scary? Think about it. Whether or not you’re web savvy, having a message pop up telling you’re no a non-secure site is unnerving. If you’re trying to get to a website via a link and you get a message telling you the site might be infested with malware, I’m sure it’s freaked you out a bit and you’ve thanked the browser people for looking out for you.
However… it’s not really scary; it’s just irksome and irritating for those of us who have blogs, might be trying to capture emails addresses (you popup people are really going to be in trouble lol) or are selling something from your own site where people are going to pay you directly.
The problems are twofold.
Some people are going to be scared off from your site, aka blog, if they get that warning. That could limit both the number of comments you get as well as eventually limiting the number of people who might visit your site. That’s definitely problematic, but it’s something we have to think about.
The other problem is that for some of us, the cost of getting what’s called a SSL (Secure Sockets Layer) certificate isn’t inexpensive. For instance, my host gives everyone one site where they can add the security certificate for free, which I used on my business site.
However, I have 4 websites of my own, not including my wife’s site, and each extra certificate will cost around $145 a year; ouch! I’ve seen prices range from $5 a year to $600 a year; that’s a very scary range, isn’t it? My buddy Lisa Irby lists in her latest post a site where some people might qualify for a free SSL certificate, but only if their hosting company will allow it… mine won’t; sniff!
My overall recommendation is to check with your hosting company to see if they offer at least one free SSL certificate. Most people only have one website, which means if your host offers a free one you’re covered.
If not, personally I wouldn’t worry too much unless you notice your traffic is drastically dropping. Frankly, after realizing my site got smacked with a Panda penalty years ago by Google and killed a lot of my traffic, I’ve decided that I couldn’t care less what they want if it’s going to cost me that much money yearly. If Adsense was paying me like it used to pay me, I’d probably go for it… but they’re not…
To all visitors… don’t panic. Even CNN isn’t using the SSL certificate right now and they’re doing pretty well; neither is ESPN. It’s possible they’re working on it but right now they’re good. Frankly, getting that mobile speed up was more important because people want to access information fast. Unless the NON SECURE warning is the big honking popup, most people probably won’t notice it. If they do, gauge how much you value traffic over cost and then determine how important it is for you. For me… meh…
Any questions, just ask. Don’t be afraid to share this one with some of your less techie friends, along with Lisa’s link.
This makes me feel a bit better as I was a bit concerned about this message. I’ll investigate it more, but I won’t be overly concerned. No way am I going to invest in a site from which I derive little to no income. For me right now, blogging is mostly a hobby and one that I’ve grown somewhat weary of to a certain degree.
I’ve been hoping for some info about this message. Thanks for coming through like you so often do.
Your blog will be safe Lee, since Google owns it. I just tested your link adding https:// before it and if you put it into Chrome or any other browser you get that green lock. I hate the scare tactic message and I hope a lot of people don’t spend tons of money they can’t afford or don’t get scared if they visit websites and get the message.
Thanks for the details Mitch. Sounds almost as scary as a ransomware popup!! It’s scary but I don’t know how much it will effect your audience. I’m sure everything will be just fine!
We shall see Patrick. For all the years the internet has been around, there’s still a lot of skittish people out there.
I absolutely agree with the above.
The security message may damage your traffic trends.
Therefore, having a ccertificate must be a priority.
For those who already have a site, balancce the pros and cons. For those intending to start a new site, choose carefully your hosting.
Well, it may or may not be a priority. Right now only Google says it’s going to flag it openly on Chrome, so that might make it seem like a priority, at least in the U.S. I’m not sure how prevalent Chrome is everywhere else so the priority is evaluating one’s country standards more than anything.
Yeah, I’ve seen that warning a little while back Mitch but decided to ignore it. I decided to ignore it because I wasn’t going to outlay all that money for all my blogs.
I will check out if my hosts supply a free one though.
I’m pretty wrapt right now though because I think I found one of your very rare typos ‘might won’t; sniff’ 😉
I guess that’s the mistake for the year! lol Which of your websites would you protect if you can get a free one?
Good question Mitch. I reckon I would protect the sports betting site. I still reckon that has a lot of potential and the traffic is steadily growing
That’s intriguing. It means you don’t see Wassup Blog as your primary blog anymore.
It seems that they do offer it but once I installed it I had nothing but problems so I got rid of the stupid thing.
Really? I had no problems, although I did have to add a plugin for the blog so that it would convert all my blog pages to the format, SSL Insecure Content Fixer.
Thanks so much for posting this. I was worried about this a couple of weeks ago. I haven’t checked my console lately, so I probably would have freaked out when I did log on, so thank you for creating some calmness.
My understanding is that this is important for sites (or pages) collecting CC info, etc.
Hopefully, this won’t have an impact on traffic.
I also want to look into AMP soon (it’s been on my list for over a year), but hoping to not have to deal with either/both of these for a while, esp due to budget and redirects.
AMP doesn’t work for everyone; I decided not to try since I have old themes that I updated on my own. As for the warnings, you’re correct, but many people might not know about that. I hope this message gets through, whether it’s from me or others.
I just purchased SSL certificate after seeing that in my blog.
Thanks for this post. I would’ve do this without buying the ssl.
The SSL won’t hurt you to have; it’s just not necessary across the board.
I was very worried when i saw this on my site ,i quickly did a search on how to get the ssl certificate and to my suprise its even offered by my host free of charge.My site is secured now
Thanks for the share
Glad you were able to save yourself some money. If you can get a free one and only have one site then it’s a smart move to make just to ease the minds of some of your visitors. If you have multiple sites like I do and they’re not generating income, it’s a major waste of money.
Hi Mitch,
Indeed an Interesting post. When Google applied these, it was scary but with time, I have moved all my sites to HTTPS, so no more scary messages for my websites, but still there are many bloggers who are having the scare, so this post will be helpful to those.
~ Donna
Donna, how much did it cost you to do all of that? There’s no way I was paying that kind of money for all my sites.