Google Search Console has started sending out notices to sites that have not yet migrated to HTTPS. Chrome 61 is now in beta and version 62 is on track to begin marking HTTP pages as “NOT SECURE” beginning in October. It will show the warning if it detects any forms on the page that transmit passwords, credit cards, or any text input fields that the browser deems are in need of HTTPS protection. All HTTP pages in incognito mode will trigger the warning.
In January 2017, Chrome version 56 began marking sites that transmit passwords or credit cards as non-secure as part of its long-term plan to mark all HTTP sites as non-secure. The warning will become more prominent as time goes on.
“Eventually, we plan to label all HTTP pages as non-secure, and change the HTTP security indicator to the red triangle that we use for broken HTTPS,” Chrome Security Team Emily Schechter said.
The email sent out from the Google Search Console urges site owners to fix the problem by migrating to HTTPS. Hosting companies that specialize in WordPress are making it easier than ever to make the switch. Many of them have added Let’s Encrypt integration to offer free certificates to customers. As of 2017, WordPress now only recommends hosting partners that provide SSL certificates by default.
Thanks to the push towards HTTPS from Google, web browsers, hosting companies, and the 100+ million certificates issued by Let’s Encrypt, the percentage of pageloads over HTTPS is now approaching 60%, according to Firefox Telemetry.
This will become very expensive for a lot of people who use web hosts that do not offer LetsEncrypt, but instead charges a lot of money for SSL. Mine charges $75 per site per year, so with multiple sites, this can get expensive. The host I use, and have for many years, makes me cringe to think I may have to move to a new host with LetsEncrypt, but I may have to make that sacrifice and move.
The fact people will be seeing these warning messages before entering a site, could end up costing a lot of visitors and money to the site owners. People will be scared off when they see the Not Secure messages.