Upgrade Your Site to HTTPS Now as Chrome and Firefox Label HTTP Sites Insecure

It's Time To Upgrade to HTTPS as the Web is Moving to "Secure Communication by Default"

Published on July 24, 2017

If you haven’t upgraded your site to HTTPS yet, take note. By the time Chrome 62 will be launched in just a few weeks’ time, Chrome will mark all HTTP sites with any input fields as insecure.

Google Chrome Showing HTTP Sites as Not Secure - Upgrade Your Site to HTTPS Now as Chrome and Firefox Label HTTP Sites Insecure
Google Chrome Showing HTTP Sites as Not Secure

The internet as we know it is moving rapidly towards a “secure communication by default” era where all traffic will be served over HTTPS. In a recent post by Troy Hunt, he highlighted how much harder things are about to get for website owners who don’t upgrade to HTTPS. This is in large part due to Google Chrome’s not secure messages that are already displayed on sites that are not using HTTPS when users enter passwords or credit card information.

HTTPS has seen mass adoption in the last few months. Let’s Encrypt, the global certificate authority (CA) that offers free certificates to sites in order to implement HTTPS, recently published a graph showing the phenomenal growth in Let’s Encrypt certificates since 2016.

In June 2017, Let’s Encrypt reported that they’ve issued 100 million certificates in only 19 months. It’s a staggering figure if you consider that in the 20 years before Let’s Encrypt launched, only 40% of all page views that were served over the internet were encrypted, and in the 19 months since Let’s Encrypt launched, that number has shot up to almost 58%

Let's Encrypt Stats : 100 Million SSL/TLS Certificates Issued - Upgrade Your Site to HTTPS Now as Chrome and Firefox Label HTTP Sites Insecure
Let's Encrypt Stats : 100 Million SSL/TLS Certificates Issued

Driving factors for the growth towards HTTPS by default can be attributed to the four punch combo that consists of Let’s Encrypt's free SSL certificate, Google's push towards HTTPS by warning users of insecure (HTTP) sites, Firefox's warning messages on insecure sites and the slight SEO boost that Google gives to HTTPS sites.

Google’s push towards HTTPS encryption by default became known way back in 2014 when they first announced HTTPS as an SEO ranking signal. Since then, Google has started using Chrome as leverage towards the HTTPS drive.

Since Chrome 56, users entering passwords or credit card information on HTTP sites already get not secure messages. By the time Chrome 62 will be launched in a few weeks’ time, Chrome will mark all HTTP sites with any input fields as insecure. Simply put: if you visit any website in Chrome 62 onwards and input any data in a text field, Chrome will warn you that the site is insecure.

Ultimately, Google’s objective is to mark all HTTP sites as insecure with a prominent exclamation mark in a red triangle, and the Google Chrome 62 update is merely an incremental update to get there.

Chrome Will Eventually Display a Prominent Not Secure Message on All HTTP Sites - Upgrade Your Site to HTTPS Now as Chrome and Firefox Label HTTP Sites Insecure
Chrome Will Eventually Display a Prominent Not Secure Message on All HTTP Sites

Firefox has also joined the cause, with warning messages being displayed on all versions since Firefox 52 if a user enters a password on an insecure site.

Given that Chrome has 62.4% market share and Firefox has a market share of 7.8% (as of June 2017), feel free to resist upgrading to HTTPS at your own peril.

Chrome 62 Warns that HTTP Sites are Insecure When Entering Data - Upgrade Your Site to HTTPS Now as Chrome and Firefox Label HTTP Sites Insecure
Chrome 62 Warns that HTTP Sites are Insecure When Entering Data
Chrome Has Been Showing Not Secure Messages When Entering Passwords Since Chrome 56 - Upgrade Your Site to HTTPS Now as Chrome and Firefox Label HTTP Sites Insecure
Chrome Has Been Showing Not Secure Messages When Entering Passwords Since Chrome 56

While some people feel that Google is stepping out of their lane, this is a push towards a better internet for all, and certainly, one that we should all support. Google might be the loudest voice in the fight to securing the web, but it's certainly not alone. Let's Encrypt and Firefox has been very active and instrumental in the HTTPS growth to date.

Members of the tech community have been very supportive of the move towards "secure by default" with Troy Hunt and Scott Helme being particularly vocal about it.

If you're not sure why you need HTTPS, think of HTTPS as a secure tunnel in which all communications between your browser and an HTTPS enabled site are secure and encrypted. This means you’re protected from governments or ISPs spying on you - even if you’re using public networks or WIFI. HTTPS protects the privacy of users, whilst making sites more secure and harder to hack.

With Google's hard stance towards HTTP as an insecure transport protocol and the advent of free SSL certificates being made available by Let's Encrypt, we're seeing a revolution taking place. Everyone's adopting HTTPS and it's all happening very fast. We can certainly expect mass adoption of HTTPS to continue in the next few months until the majority of sites will inevitably serve traffic over HTTPS in the near future.

Upgrade Your Site to HTTPS with Free Let's Encrypt Certificates

Historically, HTTPS certificates were expensive to buy, and the cost had to be paid on an annual basis. That all changed when Let’s Encrypt, a nonprofit organization, launched in April 2016 with the purpose of offering free SSL/TLS certificates.

If your site is not using HTTPS yet, now is the time to upgrade.