September 11, 2016

Google Chrome to start penalizing unencrypted sites

Google Chrome to start penalizing unencrypted sites

Google’s latest attempt at pushing for a more secure web (or exerting its large influence, depending on one’s feelings about the company) is coming to its latest developments for the Chrome web browser.

Starting with the release of Chrome 56 in January, web pages with credit card or password form fields that only use HTTP will display a “not secure” indicator next to the URL. Eventually, this will extend to HTTP pages viewed in Incognito mode, and then to all HTTP pages, using the current warning indicator for broken HTTPS sites.

Google’s been pushing for more secure web sites for some time. It’s even started ranking HTTPS sites a bit higher in search results. Supposedly, half of all the pages loaded in Chrome are now using HTTPS, and even advertisers are getting on board.

It helps that free SSL certificate providers like Let’s Encrypt now exist. Let’s Encrypt is often integrated into web hosts’ cPanel settings, making it easier to set up. As you all know, I’ve switched Anthony’s Notes to HTTPS not too long ago. Based on this Google news, I won’t be alone in doing so.

Some Chrome users, as well as Firefox users, might be interested in trying the HTTPS Everywhere plugin. The plugin’s promoted by the Electronic Frontier Foundation. It forces the browser to use a site’s HTTPS version if one’s available.

Are your sites using HTTPS yet? Any plans on doing so?

Tags: browserChromeGooglesecurityTech