Google enforcing HTTPS

As of July 2018, Google will mark your website as ‘unsecure’ if you are not using HTTPS. This takes effect with the release of Google Chrome 68, which is scheduled for July this year.

What this means for you as a business is that you have to implement some much-needed extra security on your web pages. If not, you risk customers turning around at your “door” when they see an unsecure message in their browser.

Want to check whether your web page has correctly implemented HTTPS?

As of Chrome 67 you can do a simple test and see if you are being flagged as unsecure. Launch Chrome with the following command-line flags:
--enable-features="EnforceCTForNewCerts<EnforceCTTrial" --force-fieldtrials="EnforceCTTrial/Group1" --force-fieldtrial-params="EnforceCTTrial.Group1:date/1525132800"
Version 67 is currently in Beta and should be released soon.

[Image: Treatment of HTTP Pages]

From a security perspective this is great news, as it leads to a more secure environment for users on the web. When surfing on HTTPS-enabled web pages, the risk of being spoofed (ending up on a fake page) is significantly lower. We see spoofing as a major problem, as hackers get better and the tools used for spoofing become cheaper and more accessible.

How do you know your web page uses HTTPS?

If you see the green https in front of the address, your site is secure:
[Image: https-example.png]

How to implement HTTPS

Depending on who is hosting your web page, you might get a free SSL certificate. If not, you have to buy one from suppliers like DigiCert, GoDaddy, Comodo and so on.
Once you have a certificate, ask your web host to implement it on your server or set it up yourself.

In order to set it up yourself, you’ll need to generate a Certificate Signing Request. Basically, this identifies the server and domains you’ll use your certificate with.

The instructions for doing this will be different depending on your server, but generally, you’ll need to:

– Connect to your server via Secure Shell (SSH)
– Run a console command
– Enter your URL and business details
– Copy and paste the text into your account’s SSL request area
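
The console step above, shown as an added example that is not part of the original article: a shell function that uses OpenSSL to create a private key and a CSR, then checks the CSR before it is pasted into the certificate request form. The domain example.com, the organization "Example AS" and the country code NO are constructed placeholder values, and the function names are hypothetical.

```shell
#!/bin/sh
# Added example: generate a private key and CSR, then verify the CSR.
# Usage: make_csr example.com "Example AS" NO "$HOME/ssl"

make_csr() {
    domain=$1; org=$2; country=$3; outdir=$4
    key="$outdir/$domain.key"
    csr="$outdir/$domain.csr"
    cnf="$outdir/$domain.cnf"

    # Request config: subject fields plus subjectAltName entries, since
    # browsers match the hostname against the SAN list rather than the CN.
    cat > "$cnf" <<EOF
[req]
prompt = no
distinguished_name = dn
req_extensions = ext
[dn]
C = $country
O = $org
CN = $domain
[ext]
subjectAltName = DNS:$domain, DNS:www.$domain
EOF

    # The private key stays on the server; create it unreadable to other users.
    ( umask 077
      openssl req -new -newkey rsa:2048 -nodes \
          -keyout "$key" -out "$csr" -config "$cnf" 2>/dev/null ) || return 1

    # Check the CSR's self-signature before sending it to the CA.
    openssl req -in "$csr" -noout -verify 2>&1 | grep -q 'verify OK' || return 1
    echo "$csr"
}

# List the host names a CSR covers, for review before submission.
csr_names() {
    openssl req -in "$1" -noout -text | grep -o 'DNS:[^,[:space:]]*'
}
```

Only the .csr file is submitted to the certificate supplier; the .key file never leaves the server.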

Next, tell your web management tool, such as WordPress, to use SSL and HTTPS.
If we take WordPress as an example, you need to head over to Settings – General, scroll down to the “WordPress Address (URL)” fields and replace “http://” with “https://”.
[Image: update-http.png]

Save your changes and you’re done!

If you need any help in the process, don't hesitate to contact us and we can assist.

Mail us at post@cyberon.no or call us on +47 23 89 84 23

Sources:

https://security.googleblog.com/2018/02/a-secure-web-is-here-to-stay.html

https://wp-rocket.me/blog/googles-enforcing-https-website-ready-chrome-68/

https://searchengineland.com/effective-july-2018-googles-chrome-browser-will-mark-non-https-sites-as-not-secure-291623

 
