“Chrome currently indicates HTTP connections with a neutral indicator,” writes Emily Schechter of the Chrome Security team. “This doesn’t reflect the true lack of security for HTTP connections. When you load a website over HTTP, someone else on the network can look at or modify the site before it gets to you.” That weakness can be used to inject malware seamlessly into unencrypted web traffic, commonly known as an injection attack.
A couple of weeks ago, Google announced that they will mark all HTTP sites as ‘Not Secure’ starting this month (Google Blog).
Therefore, all visitors will be seeing this warning when trying to access your website:
At a later point in time, they will highlight that your website is not secure even more. Additionally, non-secure websites don’t rank as good as secured websites when it comes to search-engine-optimization (SEO). Something Google has implemented even before the announcement.
Reason enough to upgrade as soon as possible.
This could potentially lead to less website traffic and higher bounce rates because users will be unsure about their security. To avoid this, you should take the following steps right now.
- Go to your website and take a look at your address bar. It should show a ‘Secured’ connection.
- If you just see an (i) Icon and the address starts with http:// instead of https:// it means that your website will be affected.
- You can secure your website with Let’s Encrypt. Probably the most popular provider of free SSL certificates. (If you are still unsure, feel free to contact us and we will make sure to secure your website)