With the Chrome 56 release, any website that is not running HTTPS will have a message appear in the location bar that says “Not Secure” on pages that collect passwords or credit card details and the final step in the staged rollout will be that Chrome will label all plain HTTP pages as “Not secure”.

What does this mean for your website?

Any page on your website that is non-HTTPS and has a password form, e.g. login, or credit card field will be labeled as “Not secure” in the location bar by Google Chrome when the new version is launched. This includes any WordPress login page for sites using WP as the CMS where you or users login to access features of your website.

This may confuse your site visitors who sign in to your website because they may interpret the message to indicate that your website has been compromised in some way, but this is not the case. They could also interpret the message to mean that your site has some underlying security issue other than being non-HTTPS and again this is not so.

What Should you do?

Contact us to set up SSL on your website or just for advice if you are unsure what to do. There is a cost, unfortunately, to purchase and set up the necessary security certificates for HTTPS and this varies depending upon which server you are on and which larger company manages that server. We will advise on this and it could be cost effective to switch to a more expensive hosting package with a cheaper SSL certificate to provide a smaller overall annual fee and we can do that migration for you.

Your site will work perfectly well without an SSL certificate and be as secure or insecure as it was before this change to Chrome. We will need to get some more information on how much this will affect search engine optimisation of your website but can advise on the best way forward.