Chrome SSL Not Secure

Alert – Don’t Be Insecure About Your Website

Please forgive me – it’s time to get technical for a moment, but I promise this is something that you really need to be aware of. Google’s Chrome browser is about to implement a change that could have a dramatic impact on how people view your website. And just in time for Valentine’s Day! If you want to skip the technical stuff just scroll to the action items at the end.

Why is it time to get secure?

It’s official, as first announced back in September the upcoming Google Chrome 56 update which will be released on January 31 this year will mark all sites that don’t use HTTPS or SSL as ‘Not Secure’. The reason for the change is that Chrome currently displays HTTP connections with a neutral indicator which doesn’t reflect the true nature of whether an HTTP connection is secure or not. The reason for the change goes to the essence of security; when loading a website over HTTP, someone on the network could intercept and modify the site before it gets to you. The change will be rolled out in gradual steps, for now, this will only apply to pages with password and credit card fields. However, soon it will apply to ALL sites that don’t hold SSL certificates. Eventually, all non-HTTPS pages will show in Google Chrome as ‘Not Secure’:

Chrome Not Secure

The impact on florist websites

Google Chrome is the most popular internet browser and has been since mid-2012 when it surpassed Internet Explorer for the top spot. According to various sources, Chrome accounts for 51%-63% of all visits to websites in December 2016. Across our network of Florist 2.0 websites, we’ve seen Chrome jump from 38% to 40% of visits just from December 2016 to January 2017. This means that if your site is not secure, you risk having between 40%-62% of your website visitors being scared away by the Not Secure warning.

If your site is not secure you risk having 40%-62% of your Valentine's shoppers scared away. Click To Tweet

Lost revenue due to chrome not secure

Stats from Google have shown that already a large portion of web traffic has switched to HTTPS so far and that HTTPS usage is on the rise. However, most florist website providers do not provide SSL for the florist’s domain; it’s usually only for a shared, third party checkout URL. In the past, there has been the argument that SSL may have been too expensive or was too slow, costing visitors and in turn sales to the site. However, this is no longer the case due to new protocols such as HTTP/2 and SPDY – These protocols were produced to transport content on the web, with the focus solely on speed and to decrease latency and improve page load speed in web browsers, they have since become the standard for web servers.

https browsing

Soon when the changes take place, they will have a huge impact on florist’s websites. Any visitor to your website will soon be confronted with a message similar to the image above, labelling the website as ‘Not Secure’. From a user perspective, whether browsing through the site or about to make an initial purchase, seeing the words ‘Not Secure’ all over your site will instantly lead to an interpretation on the customer’s part that the site is firstly not safe to browse on and certainly isn’t safe to make a transaction on – Trust and Security being paramount in the customer decision-making process. As already mentioned, the majority of web providers don’t provide SSL for the florist’s domain; it’s usually only on a shared, third party checkout URL. While this will be okay for the next few days, it could have a catastrophic impact on florist websites and drive visitors (buyers) in the other direction – Perhaps to a competitor whose website isn’t displaying a ‘Not Secure’ message.

So, ask your web provider if they will be ready come January 31st.

Action Items

If you aren’t sure how your site will fare under this new change from Google, here are a few steps you can take.

  1. Visit https://www.whynopadlock.com/ and enter your site’s URL. This tool will test your site to see if it can load fully under HTTPS instead of HTTP.
    why-no-padlock-test
  2. Check if your website supports HTTP/2, a much faster web protocol officially launched in July 2015. https://tools.keycdn.com/http2-test  (Hint: F20 websites do!)

Finally, if your website passes the test, congratulations! If not, it’s time to contact your website provider and ask about their plans and timeline to make you compliant. The deadline is near, and the cost to non-compliant sites could be significant.

Note: At the time of writing we have only confirmed Strider/Florist 2.0 and EpicFlowers as being compliant.

2 thoughts on “Alert – Don’t Be Insecure About Your Website”

  1. Pingback: 5 Easy Ecommerce Tweaks to Take your Business to the Next Level - Canadian Florist Magazine

  2. Pingback: Google: Most Florist Sites Are Not Secure

Comments are closed.