They now show the “not secure” warning text next to every webpage that is not using HTTPS and an SSL certificate.
What exactly is an SSL certificate?
We use an SSL certificate to encrypt requests from a user's device to a server.
Encryption scrambles the data sent to a web server. This makes it impossible for someone to read the request as it travels across the internet.
This is very important for protecting the privacy of your users and keeping their data safe.
When a site uses an SSL certificate you have to use HTTPS.
HTTPS - Is secure and must use a valid SSL certificate
HTTP - Is not secure and does not use an SSL certificate
There are four reasons why your site might say that it is “not secure”:
Your site uses HTTP only
Your site uses HTTPS but the SSL certificate is invalid
Your site uses HTTPS and the SSL certificate has expired
Your site uses HTTPS and has a valid SSL certificate but a page loads an image using HTTP
Let's look at when you should set up HTTPS.
Should I use HTTPS?
Do you ask your users for any data?
This could be anything including a contact form or newsletter signup.
If you ask your users for any personal data on your website then you must use HTTPS.
This can be anything from their name and address to their email.
As a responsible website owner, you should protect your user's privacy.
When in chrome, if a user types into an input box on an insecure site, it will display a red warning:
Now we know why we need to use HTTPS do you still have an SSL certificate?
Should I Have an SSL Certificate?
The short answer is, yes!
You see Google is moving us towards a world where every site uses HTTPS by default.
To use HTTPS you need a valid SSL certificate.
You can not use HTTPS without a valid SSL certificate.
An SSL certificate is a small file that scrambles the data sent to your server.
The server can then read the data using a secret key.
This sounds difficult Steve, should I still do it?
Should I Secure My Site?
Google is pushing the web to be secure by default.
As well as showing the “not secure” warning they have gone a step further.
In October 2019 they announced that all files loaded on a page need to be using HTTPS.
Google has even said that they will start to block the loading of HTTP resources from an HTTPS page in Chrome 79.
As of Chrome 80 if you load even one image without using HTTPS then you will see the “not secure” warning again.
This means that not only should you have a valid SSL certificate on your site to remove the “not secure” warning, all your resources the site loads must also have HTTPS with a valid SSL certificate too.
This may sound complicated but it is now easier than ever to set up an SSL certificate.
And many options are free.
How to get a Free SSL Certificate
Let's Encrypt is the main company behind the free SSL certificate movement.
They have partnered with many companies to offer free SSL certs to us all.
So for example, if you have a Wordpress blog then you can install a plugin to get a free Let's Encrypt certificate.