8249 West 95th Street, Overland Park, KS 66212

Chrome to Warn About Non-https

Google has been sending emails warning webmasters of an upcoming change to their Chrome browser. Starting in October, Chrome 62 will display a warning to users informing them that a site is not secure if the site collects information from users without using a secure certificate. This change would probably have a dramatic negative impact on engagement and conversion rates of affected websites.

Google non-secure warning email
The warning email Google sent. Click for a larger view.

Some of our clients received this notice from Google and we’re working to secure those sites. One client received a notice with examples of several pages on their site which didn’t have visible forms. The trouble was that in their wonky WordPress theme, page features were enabled or disabled by moving the element off the visible page with negative positioning. What does that mean? It means that on pages without a contact form the theme simply applied a -1000px to the contact form which moved it off the page but still loaded the form. That’s really lazy programming. We’ll be getting rid of that theme soon, of course, but in the meantime it is a good reason to finally convince this client that a cert is worth it.

Google chrome 62 not secure warning
A screenshot of the warning that will be displayed in Chrome version 62. Click for a larger view.

What should you do if you received a similar warning? Install a secure certificate before October. If that’s beyond your technical abilities, contact your webmaster to do it for you. Most hosts will also assist with implementation. I don’t recommend using a free certificate service, nor do I recommend self-signed certs. Buy a certificate from a trusted source. Since you’re going to go through the trouble, I recommend getting what’s called an “Extended Verification” certificate for your website which, for now, displays your business name in the browser bar when someone is on your site. Check the address bar above, you’ll see that we have an EV cert.

An Extended Verification certificate takes more effort to get, but it has the benefit of displaying your business name in the browser bar.

There’s no telling what Google will do in the long run, but my feeling is that they will start to depreciate the ranking of sites that don’t use HTTPS. You don’t want that, so you might as well get a cert now.