Chrome will show security warnings on http://
Are you ready for Chromageddon? Click here to find out
Did you get a notice from Google telling you that your website will show errors starting in October?
What would happen to your website if the world’s most popular browser started telling all of your visitors that your site had serious security errors?
Google recently sent out warnings to website owners that don’t have an SSL/TLS certificate. Google is working to make the Internet safer by letting users know that the site they are on is not secure. When a site is not secure users don’t want to put in their contact information or make purchases on the website because their information can be stolen. Any website that has HTTP will be marked as not secure. In order to be secure, your website needs to have HTTPS. HTTPS stands for Hypertext Transfer Protocol Secure – so when your website only has HTTP (with no S) it means your website is not secure to those who are using it. An unsecured website means that hackers can steal important information from users, “listen” to their conversations, and track their web activity. Starting in October, the Google Chrome web browser will warn web users that your site is not safe if it doesn’t contain HTTPS. A lot of web users have restrictions set so they aren’t able to go to a website that isn’t safe, meaning a lot fewer people can see your website. Even if users don’t have this restriction, they may not go to your site because it can’t be trusted that their information will be kept safe. But don’t worry! There are ways to fix this. Don’t have time for this? We can help.
How to Fix HTTP Security Warning
Get a Security Certificate
To enable HTTPS you need to have a security certificate (SSL). The security certificate verifies that your website actually belongs to you or your organization and protects customers from hackers obtaining their information. Security certificates are issued by a certificate authority (CA). You’ll need a high level of security so be sure to choose a 2048-bit key. If you already have a 1024-bit key, upgrade to a 2048-bit key.
Use 301 Redirects
You can set up a 301 redirect to direct your users and search engines to a secure HTTPS page or resource with server-side 301 HTTP redirects.
How to Migrate to HTTPS
Migrating your website to HTTPS takes time and should be carefully planned out to prevent losing ranking positions in search engines. Take these steps to migrate your site to HTTPS safely.
- Buy an SSL Certificate
SSL Certificates are small data files that connect a key to a specific organization’s information. Once installed, it activates the HTTPS protocol, making it safe for your users to use your website. There are different vendors you can buy your SSL certificate from such as GoGetSSl or SSLs.com.
There are different types of certificates to choose from as well.
Domain Validation secures domain/subdomains with no paperwork required and is issued in 5 minutes. Business Validation secures domain/subdomains for business customers with a higher level of security and is issued in 2-4 days. Extended Validation secures domain/subdomains, give you a green address bar with even higher security and is issued in 2-7 days.
- Install Your SSL Certificate
Your web host may help you with this process so check with them first. If not, go to your web host control panel and copy and paste your SSL Certificate into there. Depending on your web host, you may need to find the SSL/TLS menu and find where it says “Install an SSL Certificate”. Once you have installed it, check to make sure your website has HTTPS in front of the URL.
- Update Hard-Coded Links to HTTPS
Since your old site was just HTTP, all the hard-coded links have to be changed to HTTPS. You can do this by using a free tool from Interconnect IT called Database search and replace script in php.
- Update Custom JS, AJAX Libraries to HTTPS
Any custom scripts you may have added need to updated to HTTPS as well. If you don’t update everything you’ll get a mixed content warning that part of your website is safe and part of it is not.
- Add 301 Redirects to HTTPS Content
- Update Your robots.txt File
If you have any hard-coded links or blocking rules in your robots.txt, update them so they point to HTTPS directories or files instead of HTTP.
Free Site Check
Easy, right? No? Relax – we can help.
If this is all making you feel a bit nervous, just fill out the form below to request a free SSL Inspection. We’ll send you a free inspection report indicating your readiness for Chromageddon and whether you might be a good candidate for our Secure Hosting and Migration Service – where we fix the errors, install your SSL, and upgrade your hosting to a premium server – then guarantee that your website will be error free and securely hosted once this disruptive event hits the web.