Starting in July 2018, the Google Chrome web browser displays an 'insecure' warning to visitors of any site that does not have an SSL certificate configured. You can see this by clicking the warning icon in the URL bar to the left of your domain. It appears like this:
You should not enter any sensitive information on this site (for example, passwords or credit cards), because it could be stolen by attackers.
This means you should definitely make sure your website is now using an SSL certificate.
This article gives you an overview of why this is happening and recommended steps on how to update your website.
Why is this happening?
Google has been making a push over the last few years to encourage website owners to protect their site and customer's data by using an SSL certificate.
When an SSL certificate is enabled, all traffic within the domain is encrypted. This ensures all communication of sensitive data (such as credit card information or passwords) is protected.
Are other browsers going to display the same warning?
At this time, only Google Chrome is set to display an insecure warning. However, it's likely that in the very near future, other browsers will follow this example and adopt the same policy.
Does it really matter if my site isn't handling sensitive information?
Yes. As of Feb 2020, the Chrome browser accounts for 82% percent of total browser traffic.
This means that most visitors to your site are probably using Chrome. Even if your site does not handle sensitive data (such as credit card information or passwords), your site will still be marked as 'insecure' by Google. Visitors to your site may be concerned about the warning and choose to avoid your site.
How can I fix my website?
To ensure your website traffic is not affected, it's highly recommended you add an SSL certificate to your website. DreamHost recommends adding either a free 'Let's Encrypt' or paid 'Sectigo' certificate.
A self-signed certificate is not recommended as it will still display a security warning in any browser.
- Adding an SSL certificate overview
- Adding a free Let's Encrypt certificate
- How do I purchase a professionally-signed SSL certificate?
What if Chrome still says the site is insecure after adding the SSL certificate?
It's possible that Chrome will still display the site as insecure after you've added the SSL certificate. This happens due to insecure links in your site. View the following article for details on how to resolve this warning.
Where can I learn more about this?
View the following links for further information: