e-Why, What & How · 2019-10-08

Mixed Content: HTTP to HTTPS re-direct – e-Why, What & How


As of March 2019, the Google Chrome browser labeled Websites that do not have an SSL certificate as ‘Not Secure’. By December 2019, as reported by this Website, Chrome will stop showing Websites with “mixed Content”.

All these rules apply not only to your average Sites but even to e-commerce Sites. This means that if a potential user surfs your Site & you do not have an SSL certificate for ALL your Content, the notification in the browser bar will inform them to go elsewhere or risk their device, personal data or both. Obviously, most people faced with such a warning will not pursue the connection further, so Webmasters need to get their act together & ensure that their Site meets these new standards.


What does it mean for users

Basically, an SSL certificate enables HTTPS encrypted data to be sent over the Internet, rather than HTTP data, which is in plain text, making it vulnerable to hacking. This standard of security is most important when it comes to dynamic Websites where information is exchanged, such as passwords, usernames, email addresses, & credit card details. But even many static Sites collect newsletter sign-ups, so they could also endanger a user if they’re not adequately secured.

A correctly installed SSL certificate will load the website prefixed by HTTPS rather than HTTP and often show a little lock icon in the browser bar. A redirect should occur to HTTPS, if a user mistakenly uses the incorrect prefix.

What does it mean for Webmasters

Webmasters must install an SSL certificate and make sure that all their content only loads from HTTPS://
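One way to check that a page's Content loads only from HTTPS is to scan its HTML for subresources still referenced with an http:// prefix. The script below is an added example, not part of the original article; the function name, the tag list and the sample page are assumptions made for illustration.

```python
from html.parser import HTMLParser

# Tag -> attributes that make the browser fetch a subresource.
# <a href> is absent on purpose: following a link is navigation, not mixed content.
SUBRESOURCE_ATTRS = {
    "img": ("src", "srcset"), "source": ("src", "srcset"),
    "script": ("src",), "iframe": ("src",), "embed": ("src",),
    "audio": ("src",), "video": ("src", "poster"),
    "object": ("data",), "link": ("href",),
}

class MixedContentFinder(HTMLParser):
    def __init__(self):
        super().__init__()
        self.findings = []  # (line, tag, attribute, url)

    def handle_starttag(self, tag, attrs):
        rel = (dict(attrs).get("rel") or "").lower().split()
        # Only <link> elements that load a stylesheet or icon are checked;
        # rel="canonical" and similar are metadata, not fetches.
        if tag == "link" and not {"stylesheet", "icon"} & set(rel):
            return
        for name, value in attrs:
            if name not in SUBRESOURCE_ATTRS.get(tag, ()) or not value:
                continue
            # srcset is a comma-separated list of "URL descriptor" candidates.
            candidates = value.split(",") if name == "srcset" else [value]
            for candidate in candidates:
                fields = candidate.split()
                if fields and fields[0].lower().startswith("http://"):
                    self.findings.append((self.getpos()[0], tag, name, fields[0]))

def find_mixed_content(html):
    """Return every plain-HTTP subresource reference found in an HTML string."""
    finder = MixedContentFinder()
    finder.feed(html)
    finder.close()
    return finder.findings

# Constructed sample page (yourdomain.com is the article's placeholder domain).
SAMPLE_PAGE = """<html><head>
<link rel="stylesheet" href="https://www.yourdomain.com/style.css">
<script src="http://www.yourdomain.com/js/app.js"></script>
</head><body>
<a href="http://example.org/">an ordinary link</a>
<img src="//www.yourdomain.com/logo.png">
<img srcset="https://www.yourdomain.com/a.png 1x, http://www.yourdomain.com/a2.png 2x">
</body></html>"""

if __name__ == "__main__":
    for line, tag, attr, url in find_mixed_content(SAMPLE_PAGE):
        print(f"line {line}: <{tag} {attr}> loads {url}")
```

Run it against the saved HTML of each template or page; every line it reports is a reference that needs changing to https:// (or to a relative URL) in the page source.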

How do you get it

In the past, an SSL certificate was expensive to buy & had to be renewed annually; also, it could only be installed on a dedicated IP address (single, unique IP). Nowadays, free, self-renewing SSL certificates are available from Let’s Encrypt & new protocols mean that you no longer need a Dedicated IP. The entire process has become far less stressful for the webmaster, & a lot cheaper too.

If your Website fails to load under HTTPS, contact your Webhost to find out if they offer to set it up. If not, you can investigate Let’s Encrypt for yourself. However, that’s not the end of the story. Webmasters also need to ensure that their Site automatically re-directs to HTTPS.

There are several ways to achieve this:

Standard Sites

On a non-WordPress Site, the best method is to ‘force’ a re-direct using the .htaccess file. The following directives, inserted into the file, should do the trick.

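# Turn on mod_rewrite for this directory
RewriteEngine On
# Match only requests that arrived on port 80 (plain HTTP)
RewriteCond %{SERVER_PORT} ^80$
# Send them to the same path on HTTPS; R=301 marks the re-direct as permanent
RewriteRule ^(.*)$ https://www.yourdomain.com/$1 [R=301,L]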

This can be achieved using the Site’s cPanel (or other) File Manager, or via FTP.

WordPress

For WordPress you can use the .htaccess file, in the same way as described above, but if you’re uncomfortable about messing with your Site’s code, you can install a WordPress plugin to do the job for you. 

Really Simple SSL

A free plugin that will enforce HTTPS compliance for all Content. It has a 4.9 WP rating from over 2600 users.

WordPress force SSL

Also free, this plugin will enforce HTTPS compliance for all Content.

There are other WP plugins, too.

Armed with this information it should be easy for WordPress and non-WordPress webmasters to ensure that they meet Google Chrome’s standards.

