As of October 2017, Google Chrome will display a non-secure warning for all web pages that are not https but require a user to enter data. Web pages such as your contact us page (if it contains a contact us form), a page containing a quote type form for requesting quotes and pages containing a request a callback form will all be affected.
Why has Google introduced this?
In January 2017 Google began its efforts to improve how it communicates the security of http pages and now marks any http pages that request password or credit/debit card details as non-secure. Google is trying to improve data security and a secure connection helps to do so. Http does not provide a secure connection whereas https does. Eventually, Google Chrome plans to display a non-secure message across any webpage, regardless of content or purpose if it is not https.
What is http and https?
Http stands for Hypertext Transfer Protocol and describes the protocol over which information is sent from a user’s web browser to the website they are visiting at the time. Http sends the data between the user’s browser and the website they visit in plain text. This means that if someone intercepts this communication they can easily read the information being transferred. Https provides the same protocol, but with one big difference: it is secure! The additional layer of security encrypts the data being sent, making it extremely difficult for would-be hackers to steal this information.
How could this affect my website?
When a user visits your website you want them to feel that any personal data they input into your website is provided over a securely encrypted connection. Until now, most website owners have only been concerned with the connection whilst their website visitors were transferring credit or debit card information. Google Chrome helped highlight the importance of this with a non-secure warning in the Chrome browser for non-secure web pages that requested card details. However, Google Chrome is now extending this to pages that request any data, such as a contact form page that transfers personal contact information such as name, telephone number, address etc.
What will this look like in a Chrome website Browser?
Is my website GDPR compliant without an SSL certificate?
If your website requires the user to enter any of their personal information then it is not compliant with GDPR if it does not have an SSL certificate. If your website does not collect any information then compliance is not an issue, but the fact that Chrome and other browsers will display a ‘not secure’ message could deter potential visitors, and therefore an SSL certificate is still highly recommended.
What do I need to do?
If we have contacted you about this it is because there are pages within your website that request information from your website visitors that will be sent over a non-secure connection (http). You will need to purchase an SSL certificate (which assists in the secure layer of the protocol), which we can do for you, and add this to your website to create an https secure connection for your web pages that request information. You can add https to a single page, but with Google’s plan to influence site-wide secure connections for all websites it is worth making your whole site https secure, because in most cases there is little difference in the work required for a single page as opposed to site-wide (the whole website).
A redirect rule will then need to be set in place so that all of your http pages that are indexed in Google go to the https version of this website; otherwise you may lose website traffic from Google’s search engine.
It is important that you have a professional web developer carry out the steps above.
If Verve has not contacted you yet please call us on 01743 360000 for more information.