Recently I received a message from Google, telling me that starting in October all visitors to SundinInc.com using Chrome would be informed that our site was not secure.
And, research shows, it’s not going to be a subtle warning:
As you can see from the message, the issue is that there are input fields – specifically a search box in the footer of each page – which will trigger the warning.
I’ve seen many describe Google’s recent move to require security on any site that has any form of input as “bullying,” and it’s easy to see why. The fact is, nothing on our site, perhaps with the exception of the WordPress login, requires extra security. We do not accept credit card payments, or collect non-public personal information. The one place someone may be able to find sensitive information would be within our project management site, which is hosted with, and secured by, a third-party. So why do we need to secure our site?
Because Google said so. And, because according to Analytics, over 50% of the visitor sessions to our site during the first 6 months of the year used Google Chrome.
Don’t get me wrong. There are other benefits to adding security to the site – including preventing DDOS and Brute Force Attacks, as well as server and site hack attempts – but we had evaluated the risks and taken other steps to mitigate these risks.
According to Google, the way to fix the problem is to simply migrate to HTTPS. Unfortunately, it’s not always that easy. For example, when we tried to push all traffic from http to https, we found the site stopped working. Fortunately for us, WordPress plugins such as Really Simple SSL helped us make the switch because it “automatically detects your settings and configures your website to run over https.”
To learn more about Google’s efforts to keep us all secure, visit their blog – Next Steps Towards More Connection Security. And if you haven’t secured your site, you better get to it.
Because, Google is watching.