Customer: Why did I get this email? Why is it asking: Does your site pass Chrome’s security checks? and there’s a link to scan my site.
Well these are completely loaded questions and in doing research on this subject, I’m thinking it will need to be broken down into multiple posts over the next week.
Basically, Google is updating to Chrome 56. Within this there is a shift in the industry to start marking websites as Secure (green lock in url window), Secure (the whole url bar as green w/green lock) or a Not Secure in the url bar. Which we have already been seeing for some time and for some of the bigger companies, financial institutions & e-commerce sites. Especially with increase in all of the breaches/hacks/attacks that we have been hearing about over the last 2 years.
Excerpt from GoDaddy, more info:
When customers visit your website, they might check the URL in the browser bar to see if it’s a secure HTTPS, rather than HTTP, connection before entering their personal information. But Google research found that many people don’t check first for an HTTPS connection — putting themselves and their information inadvertently at risk, even on some of the world’s most trafficked websites .
The new Google Chrome Not Secure warning puts website security front-and-center.
When a page is loaded in Chrome 56, Google will look for forms that collect passwords and credit card numbers, plus check for valid SSL certificates that provide secure HTTPS connections.
Thus putting a green lock, green url address bar or not secure message in the Url address window which as stated above their research found that people don’t check?
What this means:
Websites that take in sensitive data but are not protected by SSL certificates will be flagged as “Not secure.”
Now Godaddy offers a Free Unsecure Form Scanner for your use. What does it do?
Scans your website for two things:
- Forms that handle login or payment information.
- The installation of an SSL certificate.
This determines whether your site will display the Google Chrome Not Secure warning message to visitors using the latest Chrome browser version.
Now this leads to the ‘Loaded” part:
If your CMS is web/browser based (WordPress, Wix, CMS Lite, and the list goes on) where in order to edit your website you have an Admin log-in window pop up and you do not have a SSL Cert, you will now be marked as Unsecure!
Ok, now your mind is racing with questions or comments:
- I’m just a Blog
- I don’t take Credit Card info, I send them to a third party (PayPal)
- What’s a SSL
- Where do I get one
- But I’ve installed Sitelock, doesn’t that mean I’m secure
- I thought my CMS log-in was secure and why would my admin page effect my security ranking if I don’t meet industry standards for a SSL
- ????????????????????????
- Now what
Don’t Panic!
Remember above I called this an INDUSTRY? It’s a business. As website owners we know that the Internet is not FREE!
- You have to pay to have internet connection
- You need a computer or mobile device,
- Which uses browsers/mobile apps to ‘talk’ to the internet
- Which sells advertisement slots
- The website you visit has to pay to be on the web
- The website has to purchase/lease a name
- The website has to be maintained and updated
So They have just ‘up ed’ the game to have your presence on the web.
The BIG QUESTION: Now What?
Do your research, call your hosting companies and ask questions.
I am not an expert on Security, so I can not advise you on what to do.
I can only give my opinion, which could be a big stinky onion to some, as they are a dime a dozen and everybody has one!
So check back as I do more research, add another layer to my Onion and try to answer some of your questions!
Here’s a Link to the Google Security Blog, Sept 2016:
Moving towards a more secure web
https://security.googleblog.com/2016/09/moving-towards-more-secure-web.html