July 2018. The talk of the Google-pocalypse had been brief and frenzied. Nobody was sure how much havoc the release of Chrome v68 was going to create. When the change came there were some who didn’t notice. There were some who were caught unaware and could only stammer, “It says my site is not secure!” In the end, the Google-pocalypse, looked like this:
Okay, that’s not the level of movie-trailer drama that some were expecting. It’s still clearly something you want to deal with. After all, your website is the first marketing tool customers will judge you on. Here’s the skinny on what’s happening.
Alphabet (they’ll always be Google to me) decided Chrome should take more aggressive measures in warning people about potential security issues with websites they visit. Firefox has also been moving toward the same goal.
In the address bar of your browser, you should see a little green lock. A site that doesn’t have an SSL certificate will not have that little green lock. It will have a circle with the letter ‘i’ in it that gives you a little warning like the image above.
That’s all. Underwhelming for those who’d predicted this:
I have an SSL certificate but it still says we’re not secure!
This will be a very common issue for a while. While you’ve installed a security certificate so that your url has changed from http:// (old-school) to https:// (secure), you may be calling to images or external elements that are not secure.
Let’s say you built a WordPress and added the SSL certificate much later. The way WordPress works, all of the images your page loads are called up by an absolute link. If your site was coded from scratch, the developer may have used relative links. So, your page could be calling to images which are linked to in these two ways:
http://example.com/images/dont_panic.png
or
/images/dont_panic.png
Note the http:// (without an s) in the first example. If your site is programmed like the first example, it is calling to non-secure images. The second way, it will call to images that are protected by your SSL certificate. The same could be happening with internal links and redirects but it’s most likely to happen with images.
There are a few different ways to solve each of those problems. They can be tricky and may be very specific to your site, but none of these problems are insurmountable.
How hard should I panic right now?
Hard, man. Panic really hard.
Just kidding.
Don’t go flailing your arms like a muppet just yet. Earlier this year, I was seeing predictions that almost two thirds of sites would have the same problem. It’s going to be a process for many sites out there.
Nevertheless, you don’t want to lose any potential customers by happening to be the first site they see with this issue. Proceed, in a calm and orderly fashion to your IT department to show them the browser warning and ask about an SSL certificate. Then find a developer who can take care of any straggling issues of warnings you still see.
Now breathe.
We don’t panic. Contact us.