The end of HTTP is near. Starting with Chrome version 70, web pages not served via an HTTPS secure connection will be mark as unsafe.
The search engine behemoth has been promoting the idea of an encrypted web for years. Google moved in 2014 to mark all sites served as HTTP as insecure.
Google has moved this idea forward, believing that as more site owners adopt HTTPS, Chrome security features should change in response.
The move toward securing web sites has come a long way in a short time. In fact, secure web traffic has almost doubled since 2014.
With increasingly broader adoption of HTTPS, Google is set to eliminate unsecured web pages. Chrome will begin displaying the red “Not Secure” warning.
"We hope these changes continue to pave the way for a web that’s easy to use safely, by default. HTTPS is cheaper and easier than ever before, and unlocks powerful capabilities, so don’t wait to migrate to HTTPS," stated Emily Schechter, Product Manager, Chrome Security, notes in a blog post.
Google isn’t alone in this effort. Beginning in 2017, Firefox began warning users when web pages are delivering login fields via HTTP connections.
Sites not served by a compliant SSL certificate will appear as a potentially dangerous web site to visitors. As a result. this change could have a big impact to small business web sites.
WordPress hosted web sites can obtain a free SSL certificate. Let’s Encrypt provides free HTTPS certificates. Many low-cost options also exist.
Installing an SSL certificate is not always a straight forward task. Having an implementation plan will reduce unpleasant surprises.
Small business web site owners should contact their web host or IT specialist to determine whether their site is being served securely. If not, the time to act is now.