By now, most bloggers and website owners have seen this message coming through on their email if you’ve claimed your space on the Google Console (Webmaster Tools) page. For everyone who hasn’t, especially people not in the states, here’s one for this site:
To owner of http://www.imjustsharing.com,
Starting October 2017, Chrome (version 62) will show a “NOT SECURE” warning when users enter text in a form on an HTTP page, and for all HTTP pages in Incognito mode.
The following URLs on your site include text input fields (such as < input type="text" > or < input type="email" >) that will trigger the new Chrome warning. Review these examples to see where these warnings will appear, so that you can take action to help protect users’ data. This list is not exhaustive.
If you think that sounds bad, check out Google’s blog post on connection security. I’m not gonna lie, it sounds really scary for those of us who have websites, especially those of us who aren’t really sure what any of this means.
By “us” I mean you, because I do have an understanding. That’s why I’m writing this post to explain what’s coming and why most of us don’t really have to worry about it… unless you want to be worried about it.
These days, for most sites on the internet all you have to do is type in the page name followed by .com, .net or whatever. Sometimes you don’t notice anything special about the link to the site when it comes up; other times you’ll see “https”. Whenever you see that, it means the site is secure, which further means that any information you put in on those sites is protected from outside sources.
The Google people, via Chrome, have decided that by October, any site you visit that possibly lets you put information of any kind in will be highlighted with that “NON SECURE” notification. Right now, if you go to a https site you’ll see the word “secure” with a lock next to it telling you it’s secure (obviously).
If you visit a site that’s not considered secure, you won’t see anything… for now. By the way, other browsers will also show you that lock if you want to check it out, but right now none of the rest are telling us that they’re going to scare our visitors with that warning message.
Why is it scary? Think about it. Whether or not you’re web savvy, having a message pop up telling you’re no a non-secure site is unnerving. If you’re trying to get to a website via a link and you get a message telling you the site might be infested with malware, I’m sure it’s freaked you out a bit and you’ve thanked the browser people for looking out for you.
However… it’s not really scary; it’s just irksome and irritating for those of us who have blogs, might be trying to capture emails addresses (you popup people are really going to be in trouble lol) or are selling something from your own site where people are going to pay you directly.
The problems are twofold.
Some people are going to be scared off from your site, aka blog, if they get that warning. That could limit both the number of comments you get as well as eventually limiting the number of people who might visit your site. That’s definitely problematic, but it’s something we have to think about.
The other problem is that for some of us, the cost of getting what’s called a SSL (Secure Sockets Layer) certificate isn’t inexpensive. For instance, my host gives everyone one site where they can add the security certificate for free, which I used on my business site.
However, I have 4 websites of my own, not including my wife’s site, and each extra certificate will cost around $145 a year; ouch! I’ve seen prices range from $5 a year to $600 a year; that’s a very scary range, isn’t it? My buddy Lisa Irby lists in her latest post a site where some people might qualify for a free SSL certificate, but only if their hosting company will allow it… mine won’t; sniff!
My overall recommendation is to check with your hosting company to see if they offer at least one free SSL certificate. Most people only have one website, which means if your host offers a free one you’re covered.
If not, personally I wouldn’t worry too much unless you notice your traffic is drastically dropping. Frankly, after realizing my site got smacked with a Panda penalty years ago by Google and killed a lot of my traffic, I’ve decided that I couldn’t care less what they want if it’s going to cost me that much money yearly. If Adsense was paying me like it used to pay me, I’d probably go for it… but they’re not…
To all visitors… don’t panic. Even CNN isn’t using the SSL certificate right now and they’re doing pretty well; neither is ESPN. It’s possible they’re working on it but right now they’re good. Frankly, getting that mobile speed up was more important because people want to access information fast. Unless the NON SECURE warning is the big honking popup, most people probably won’t notice it. If they do, gauge how much you value traffic over cost and then determine how important it is for you. For me… meh…
Any questions, just ask. Don’t be afraid to share this one with some of your less techie friends, along with Lisa’s link.