From a long time ago Google wanted to tell us that websites that do not use an SSL Certificate are not safe and every time has been putting more effort to make it clear and visible.
WordPress is not safe or that says Chrome how to fix it?
A long time ago Google wanted to tell us that websites that do not use an SSL Certificate are not safe and every time has been putting more effort to make it clear and visible. In this sense, WordPress is not Safe and browsers such as Google Chrome reflect it.
To introduce this idea in the minds of users, Google considers that sites that still use HTTP as a protocol are vulnerable, as there is a possibility that the content to be delivered to browsers may be modified before it is displayed.
All this started with version 56 of Google Chrome where the “unsafe site” warning was activated for those websites that do not use HTTPS on pages that contain passwords or credit card entry fields. Now he goes a few steps further and wants that from July of 2018 the sites with HTTP are shown as insecure.
Difference between safe and unsafe site
Sites that do not use SSL and continue to show content under HTTP still outperform sites that already work under HTTPS and the major browser developers are working to make users, developers and implementers aware of the importance of distributing more secure content.
According to w3techs.com only 28.5% of all websites operate under HTTPS protocol.
For example, Firefox (browser) has experienced a significant increase in searches that already offer the results under HTTPS as you can see in this graph.
Difference between safe and unsafe site
Before going on to explain this better I want to show you the current difference between a secure site and one marked as insecure.
If you access your website with Google Chrome and do not use an SSL Certificate you will see the following marked in the navigation bar on the left:
If your website uses an SSL Certificate and loads with HTTPS (and you do not have mixed content) you will see the navigation bar, on the left, like this:
Although the difference may seem subtle right now, keep in mind that the ads will be more and more visible, especially for your visitors, and that’s not cool!
According to Matt Mullenweg (CEO of WordPress) in 2016 only 11.45% of active sites using WordPress do so under secure HTTPS protocol.
Google does not like insecure sites
Well neither Google, which exceeds 56% share of Internet browsers nor you should like, mainly because data traveling without encryption are more sensitive to eavesdropping by third applications, especially from unsafe protocols or from connections with Low or almost non-existent security measures.
That is why Google is boosting its campaign against sites that only work under HTTP protocol and will mark ALL sites that do not work with HTTPS as insecure as of July 2018 with the launch of Chrome 68.
It is not just a crusade that Google has undertaken since other large Internet have been moving in this direction to offer a safer Internet, or at least make the data travel more safely.
Think that Google and almost any search engine like to index content from secure sites and browser developers attach great importance to this issue.
Currently, all web browsers have support for SNI except Internet Explorer in Windows XP do you still use it?
There are no excuses for not having a secure site
Certainly this time ago to enable SSL was for a few, Certificates were a bit expensive and were not available to any pocket, at least in terms that can be understood the current democratization of the creation of websites.
Since 2016 (perhaps a bit earlier) in a massive way, free SSL Certificates have entered the market, mainly by Lets Encrypt, which gives the opportunity to any website, large or small, of business projection or as a particular project, to provide of certificates to install in the Hosting and activate for any domain or subdomain associated with the Hosting service.
Therefore, there is no excuse for not activating HTTPS using an SSL Certificate! either Let’s Encrypt or those offered by cPanel Inc. Web company (not self-signed) and SNI compatible.
If you also use WooCommerce in your WordPress installation and access the plugin status page, you will see the following warning if you do not have SSL active in the backend of your woo-commerce.
Google, like other companies in the sector, focuses on building a safer Internet network for all users, and part of the process of building a secure network is to have HTTPS everywhere. HTTPS makes it difficult for your ISP, governments, malicious users, and others to see what you are doing connected.
In the end, to get it, Google wants to make you feel a little embarrassed when a visitor passes through your website and see that you do not use SSL Certificates and force yourself so that your site works with HTTPS and takes action on the matter solving it.
Your website, your users, your products, and sales if you have an online store, and especially the data that is sent from the server where you stay to the browsers of those who visit you will THANK YOU.
Saying this, installing an SSL Certificate is not that difficult, it does not take more than 5 minutes and in exchange, it offers you peace of mind and gives more confidence to your readers, buyers, or visitors. What are you waiting to install it?