Http ‘Not Secure’
A number of clients have recently received messages from Google Search Console letting them know that Google Chrome will begin to show a ‘NOT SECURE’ warning to users on pages that involve transfer of data between the user and the server. Already they have been showing an information symbol for http pages which when clicked on tells the user that the site is not secure. That “not secure” message is about to get much more prominent.
So what’s the beef with http?
In most basic terms without https any communication between the user and the web server is potentially exposing any information that is transferred. It has become the norm for ecommerce sites and other sites dealing in sensitive data to use https for quite a while now, however even the most basic WordPress installation there are pages where information is transferred between the user and the server. Furthermore not using https means that a attacker could tamper with information going back and forth to the server.
Google engineer Emily Stark gives a much better explanation than I ever could.
How to Avoid the “Not Secure” Warning on Google Chrome
Google have a post on how to avoid the not secure warning in Chrome. The long and the short of it is that you should really invest in an SSL certificate and use https everywhere. Installing an SSL Certificate can be a bit of a pain, but the good news is that if you have a WordPress maintenance plan with us we’ll do that for you!