Will your food blog be affected by Chrome’s security warnings? 😨

In Security by GezimLeave a Comment

According to some stats, Google’s Chrome browser is used by 64% of the internet.

So, when you get an email from Google itself with the subject, Chrome will show security warnings on YOUR WEBSITE, your hearts starts to pound a little faster…because you’re not crazy!

You probably get the majority of the traffic from Google Search and most people coming to your website are probably using Google Chrome!

What does the email actually mean?

The important part of the email states:

Starting October 2017, Chrome (version 62) will show a “NOT SECURE” warning when users enter text in a form on an HTTP page, and for all HTTP pages in Incognito mode.

First off, this change isn’t here just yet. Chrome version 62 will be released in October 2017. This gives you a bit of time to remedy the situation and we’ll cover what you can do in a bit.

“NOT SECURE” warning

This warning will appear in the URL or search bar. Here’s how it appears on My Gluten Free Miami, a Zip Recipes customer.

Chrome's NOT SECURE warning on My Gluten Free Miami food blog

Chrome’s NOT SECURE warning on My Gluten Free Miami food blog

When users enter text

Now, when will this warning appear?

The answer is when your visitors enter text. So, essentially as soon as a visitor starts typing (virtually anywhere) on your website, this warning will appear.

This includes:

  • when visitors try to subscribe to your newsletter (most probably)
  • when visitors search on your website
  • when visitors attempt to comment (unless you’re using another commenting system like JetPack)
  • when visitors try to use the contact form to contact you
  • pretty much when visitors type anything on your website!

Here’s how the warning appears

Chrome warning on food blog as user enters email to subscribe to mailing list

Chrome warning on food blog as user enters email to subscribe to mailing list

Chrome warning on food blog as visitor is about to search

Chrome warning on food blog as visitor is about to search

Why is this happening to you?

In the email, Google mentions “HTTP page”. What does that mean?

HTTP stands for Hypertext Transfer Protocol. If I send you a letter by snail mail, you could say I’m using the Snail Mail Transfer Protocol. That protocol entails that I take a letter, put it in an envelope and, type your address in it and then drop it off at my local post office where I pay a small fee to deliver it to you.

Likewise, when a web page is sent to you, the protocol in use is the Hypertext Transfer Protocol. This ensures that your browser can actually make sense of the web page I might send you.

HTTPS (Hypertext Transfer Protocol Secure)

With HTTP, if I’m at your house or using the same wireless network, say at Starbucks (which is where I happen to be right now), it’s actually quite easy for me, on a different computer to see any text or data you send if the web page you’re interacting with only uses HTTP.

Me working at Starbucks

Me working at Starbucks

This is where HTTP Secure comes in. Before it sends the data and text you type in a website out of your computer, it encrypts it so people sharing the same WiFi network cannot intercept and read your data.

In a nutshell, if your website uses HTTPS, it will be more secure and respect your visitors’ privacy. When it only uses HTTP, the visitor’s data can be read by other people.

Google Chrome wants to warn people and make them more aware when they are on a page that only has HTTP and they are about to send data or text.

I should mention that HTTPS may be referred to as HTTP over Transport Layer Security (TLS) or HTTP over SSL. At the end of the day, they all mean the same thing.

HTTPS (and SSL benefits) for SEO

When you switch your website to use HTTPS (and hence starting using SSL), you will get some awesome SEO advantages:

  • You’ll get more referrer data and be able to see where more of your visitors come from
  • It’s a ranking factor for Google and it’s becoming more important so you should start ranking higher when you switch to HTTPS

How can you add HTTPS to your website?

There are a few steps that you need to take to add HTTPS to your website:

  1. Buy an SSL certificate. These are usually renewed yearly like your domain name.
  2. Add the certificate to your website.
  3. Switch over WordPress and content.

Steps 1 and 2 are usually done through your host. Here are some links for some of the hosts you might be using that cover both buying the certificate and adding it to your website:

Once you’ve purchased the certificate and added it for your domain, you’ll need to do some work to migrate your WordPress installation and content to use HTTPS. You can follow some instructions here.