Over the past several years, Google Chrome has been working towards a more secure web by making it easier to see which websites we visit encrypt the data that they send us, and we send them. The entire internet doesn’t exactly turn on a dime though, so they’ve been rolling out things in phases: Starting in January of 2017, Google Chrome displayed a “Not Secure” message in the URL bar on any pages on which Credit Card information or username and Password inputs, unless that page had an SSL (Secure Socket Layer). Starting in July of 2018, Google Chrome will now display that same “Not Secure” warning on the URL bar of any page that doesn’t have an SSL — whether it has credit card or username/password fields or not.
What’s an SSL?
You may be wondering what an SSL even is — and that’s a fair question. An SSL’s form and function are much more complex than we could go in to in this blog post, but broadly speaking it’s something that encrypts the data that travels back and forth between your website and your customers. This encryption prevents any number of unsavory things, from out and out stealing of credit card information to preventing malicious code from being run during communication between a site and it’s visitors.
You may be wondering what an SSL even is — and that’s a fair question.
You can tell when a webpage is secure (that is, that it has an SSL and is encrypting data) when the address for that webpage uses https:// instead of just http://. Most browsers will also display a “secure” message of some kind — normally a padlock icon to confirm that it’s secure. Look up! There should be one in the address bar for this very page.
What Volusion is Doing to Help
In response to the change made by Google Chrome in January 2017, Volusion worked to implement an optional setting that could be toggled on in order to force all pages on a store to load securely. Prior to this change, any page could be loaded on either http or https interchangeably, depending on what URL a visitor used to load a page.
This means that even if you had an SSL, and your content was secure, the page could display as not secure if it was loading over http instead of https. This has been an available option for some time now, but we opted to not force that on for everyone, as some stores may not be using an SSL at all and relying on external payment options to secure their customers information.
Google Chrome (and likely other browsers to follow) will be displaying a "not secure message" across the board if your website isn’t loading on https.
With this upcoming change in July 2018 however, we’ve decided that it’s best to toggle this on for everyone — as Google Chrome (and likely other browsers to follow) will be displaying a "not secure" message across the board if your website isn’t loading on https. We’ll be making that change in an upcoming release, in time for the new requirements on Google Chrome.
What do You Need to Do?
Provided that your store already has an SSL and the content on your page is secure, you won’t actually need to do anything to prepare for this change — we’ve got it covered. If this isn’t something that you’ve configured on your store, however, there are a few things to be aware of:
You’ll need to purchase an SSL. If it’s purchased from us, our Billing Team will take you through the remainder of the installation process, and you’ll be transmitting data securely in no time!
All references to other websites need to be loading the secure version of that site in order for the entire page to be secure.
After you get an SSL installed, you may see that your page is still showing as insecure. If this is the case, it’s very likely that this is due to some links on your webpage specifically calling the http version of a site and not the https — all references to other websites need to be loading the secure version of that site in order for the entire page to be secure.
Finding insecure content on your website can often be tricky, depending on where that content is hiding. There are a number of useful third party tools that can help you track them down (try Why No Padlock?), but when in doubt you can always contact our helpful support staff and we’ll be happy to give you a hand. (Just click the chat box in the lower right hand corner of your admin!)
For more details on SSLs and security, be sure to check out some of our other blog posts:
- You Purchased an SSL… Now What?
- 5 Things You Should Know Before Buying an SSL Certificate
- 5 Reasons You Should Beware of Free SSL Certificates
Google very often leads the charge with changes to the way we interact with the web, and Chrome is no exception. We’re always working to keep up-to-date on the updates being made, to make sure that you and your business are ready to tackle an ever changing landscape.
Have any questions about these changes? Feel free to ask them in the comments!