Google Chrome to start penalizing unencrypted sites

Google’s latest attempt at pushing for a more secure web (or exerting its large influence, depending on one’s feelings about the company) is coming to its latest developments for the Chrome web browser.

Starting with the release of Chrome 56 in January, web pages with credit card or password form fields that only use HTTP will display a “not secure” indicator next to the URL. Eventually, this will extend to HTTP pages viewed in Incognito mode, and then to all HTTP pages, using the current warning indicator for broken HTTPS sites.

Google’s been pushing for more secure web sites for some time. It’s even started ranking HTTPS sites a bit higher in search results. Supposedly, half of all the pages loaded in Chrome are now using HTTPS, and even advertisers are getting on board.

It helps that free SSL certificate providers like Let’s Encrypt now exist. Let’s Encrypt is often integrated into web hosts’ cPanel settings, making it easier to set up. As you all know, I’ve switched Anthony’s Notes to HTTPS not too long ago. Based on this Google news, I won’t be alone in doing so.

Some Chrome users, as well as Firefox users, might be interested in trying the HTTPS Everywhere plugin. The plugin’s promoted by the Electronic Frontier Foundation. It forces the browser to use a site’s HTTPS version if one’s available.

Are your sites using HTTPS yet? Any plans on doing so?

2 comments

  1. OH wow. Free SSL? That seems too good to be true. What’s the catch? I did some quick looking around for SSL cost and it ranges from $50-$70/year for each domain. If you get a SAN with 25 domains, then it comes out to about $14/year per domain (but only if you buy the 25-domain pack).

    1. Let’s Encrypt (https://letsencrypt.org/) is one of the main entities that’s making the push by Google to emphasize HTTPS possible; no catch. LE’s backed by several major groups (Mozilla, EFF, etc.), is easy to use, and is being integrated into various web hosts’ cPanel software (to make set up even easier). One’s still free to buy SSL certificates, of course, but being available for free is a major game-changer for HTTPS.

Leave a Reply

Your email address will not be published. Required fields are marked *