Google announced "Not Secure" warning starting July 2018

[Artashes]

I follow our member Conor (aka @BigRedSEO around the forums) on Facebook and today he posted a video informing his audience that Google announced "Not Secure" warning will come into action starting July 2018, if you don't have an active SSL installed on your website.

The video is only a minute and a half, but he explains what Google intends to do, what it means for your website and how you can a problem from arising.

https://www.facebook.com/conortreacy/videos/10214669780688465/

 

[easyhostmedia]

I follow our member Conor (aka @BigRedSEO around the forums) on Facebook and today he posted a video informing his audience that Google announced "Not Secure" warning will come into action starting July 2018, if you don't have an active SSL installed on your website.

The video is only a minute and a half, but he explains what Google intends to do, what it means for your website and how you can a problem from arising.

https://www.facebook.com/conortreacy/videos/10214669780688465/

all browsers are doing this

https://www.thesslstore.com/blog/firefox-announces-secure-contexts-everywhere-new-features/

https://www.thesslstore.com/blog/firefox-require-https-appcache/

 

[bigredseo]

I hate the fact that the screen sharing didn't work, but it did help keep that video nice and short! Thanks for sharing it Artashes!

In the next few weeks, the mad scramble will start to speed up as users try to get their sites secure.

As @easyhostmedia mentioned, this is happening on FireFox and will also be happening on Bing too. Timelines vary with different browsers, but at the end of the day, the goal is for EVERYONE to be on HTTPS connections all the time.

 

[easyhostmedia]

I hate the fact that the screen sharing didn't work, but it did help keep that video nice and short! Thanks for sharing it Artashes!

In the next few weeks, the mad scramble will start to speed up as users try to get their sites secure.

As @easyhostmedia mentioned, this is happening on FireFox and will also be happening on Bing too. Timelines vary with different browsers, but at the end of the day, the goal is for EVERYONE to be on HTTPS connections all the time.

a lot of people will just get the free ones from cpanel and lets encrypt, which will be fine for simple personal sites, but no good for commercial sites

 

[zomex]

I think it's a good move, there's no reason not to use SSL on all pages for a commercial site.

With personal sites as Terry said the free SSls should do the job.

 

[easyhostmedia]

I think it's a good move, there's no reason not to use SSL on all pages for a commercial site.

With personal sites as Terry said the free SSls should do the job.

It is getting people to understand for commercial sites you really need a paid SSL, but it is like the free Anti Virus brigade.

Why pay when i can get one free, they wont take it in that free AV is limited (hence why it is free) and that a free SSL does not give the same assurance as a paid SSL.

 

[whmcsguru]

Why pay when i can get one free

As a consumer, I'd never buy anything from a site who refused to spend money on a certificate... Ever. These things cost about $1/month, if that, and honestly, if you don't have that money to spend on your business, then you need to be elsewhere.

Now, for a game, or something like that, why the hell not. Long as you don't collect $$$, go for it. that's what LE was designed for.

 

[easyhostmedia]

Now, for a game, or something like that, why the hell not. Long as you don't collect $$$, go for it. that's what LE was designed for.

Yes as i stated a free SSL is fine for personal websites, but not for commercial websites

 

[Cheapest]

so google wants all websites using https? even non loggedin/transaction websites?

 

[easyhostmedia]

so google wants all websites using https? even non loggedin/transaction websites?

Not just Google, but all browsers starting with Firefox and Google Chrome

 

[Cheapest]

Not just Google, but all browsers starting with Firefox and Google Chrome

hmm yeah, but it still feels not right
it will be major change in internet, since most websites url will changed, from http to https, wonder half old websites/webmasters can do that

 

[easyhostmedia]

hmm yeah, but it still feels not right
it will be major change in internet, since most websites url will changed, from http to https, wonder half old websites/webmasters can do that

this is one of the main reason cPanel introduced the AUTOSSL that when enabled adds a free SSL to all accounts that dont have a paid SSL.

It is progress just like any domain that needed and SSL also needed a dedicated IP but then SNI was introduced which means a dedicated IP is no longer needed

 

[MAXKO Hosting]

Its good what cPanel did and gived everyone automatic SSL. But is free SSL good as paid?

 

[easyhostmedia]

Its good what cPanel did and gived everyone automatic SSL. But is free SSL good as paid?

The free certs dont give validation badges, good thing with the free cpanel certs is if you have a paid ssl, this will secure main domain, but not any sub domains, so cpanel auto SSL will add SSL to the sub domains.

 

[zomgmike]

The overlords at google command it, so it shall be done. It's their world, we're just living in it.

 

[easyhostmedia]

The overlords at google command it, so it shall be done. It's their world, we're just living in it.

all browsers are doing the same as it comes from their CA/B forum

 

[arihantwebtech]

Is it important to do? Because it payable services most of people or blogger wont able to purchase this anymore. I think google have to make it free for all or small sites.

 

[easyhostmedia]

Is it important to do? Because it payable services most of people or blogger wont able to purchase this anymore. I think google have to make it free for all or small sites.

what should Google give free. as Google is already free.

Google the same as Firefox and soon Microsoft Edge after instructions from C/AB will be marking any websites running under http as insecure.

so any websites will need to have an SSL certificate, if your site is on Cpanel then your host should be able to set up in their WHM to enable AutoSSL, so that all websites on their server will be given a free DV SSL cert without doing anything.

 

[bigredseo]

Is it important to do? Because it payable services most of people or blogger wont able to purchase this anymore. I think google have to make it free for all or small sites.

When we originally had notice back in 2015 about an SEO boost to those with an SSL, one of the things I thought of was how normal bloggers wouldn't pay for it.

However, these days, many web hosts include the SSL for free. If they're using cPanel, the installation is a breeze (although I've seen a few hosts restrict the free access so they can still charge their clients).

You can also utilize 3rd party places such as Cloudflare which allow an SSL from their end to install - bypass the host, and get CDN on top of it!

There are a number of free SSL providers that browsers do now trust, so the excuse not to have one is pretty weak these days. If your host doesn't provide it, you need a new host.

 

[easyhostmedia]

If they're using cPanel, the installation is a breeze (although I've seen a few hosts restrict the free access so they can still charge their clients).

Only if you are using WHM 60 or above where they have AutoSSL which i had an argument with cpanel as this was added automatically during upgrading to WHM 60 and is default set to enabled, so some hosts would not even know they had it enabled. I only found out after i had a client say they could not install an SSL as the system said they already had an SSL on the domain, which i knew they had not until i checked.
cPanel could not understand my problem when i tried to tell then it should be default disabled as a lot of hosts sell SSL certs and by cpanel giving a hosts clients a free SSL without permission from the host will make a host lose revenue as a lot of clients will not purchase an SSL if they get 1 free.