The HTTPocalypse is coming – Is Your Website Ready?

by Nate Hoffelder

After a decade of running The Digital Reader, Nate is a veteran web publisher with experience in design, maintenance, recovery, and troubleshooting. What little he doesn't know, he can learn.



Tips and Tricks



January 24, 2017

For the past several years Google has tried to encourage everyone to make their websites more secure. Any site that switched from http to https got a small boost in their search engine ranking.

That hasn’t had much impact (I know of dozens of site owners who did not think this was an important issue), so now Google is swapping the carrot for the stick.

Starting in July 2018 Chrome is going to start throwing up red flags whenever a user visits any webpage starting with http instead of https.

This change is coming with the release of Chrome 68, and it’s going to affect every website that has a contact form or a comment section, as well as websites that simply collect emails for a newsletter.

But the thing is, Google isn’t going to be telling website owners that their sites may have a problem; instead, Google is going to be telling users.

Anyone who visits those sites will see a “Not Secure” warning in their address bar when they are on a page with that contact form, comment section, etc.

So if you have a website that has yet to switch to https, in a few short weeks you are going to have people sending you emails expressing concern because Chrome said your site is insecure.

So what does this mean for you?

That really depends on where your website is hosted.

If your site is on Blogger, Squarespace, or WordPress.com, you can take it easy. You either have https already, or it can be enabled with minimal hassle.

But if your site is hosted elsewhere, we’re going to need to look into what it will take.

I’m not playing coy; there are thousands of hosting companies, and each has their own quirks, technical requirements, and unique solutions.

Siteground, for example, lets you add https to a site on its servers simply by clicking the appropriate checkbox in the account admin pages (it cost my client nothing). And as I recall Bluehost was relatively simple, while my hosting company, on the other hand, charges a small annual fee (and did all the work for me).

If you are just looking into this issue now, I can help.

I have helped a couple sites switch to https, including my blog and this site. I have learned the hard way that any instructions that hosting companies will give you will be incomplete (they never tell you everything).

For example, if you use Google Analytics or Google Search Console you will need to change several settings in those services after you switch to https. Also, if you value your social media share counts then you may want to take steps to get credit for the shares that credit the old http version of the site.

And most instructions on this topic leave out the important detail that existing sites will need to force all their content (such as images) to use HTTPS, otherwise the pages and posts you published last week, last month, or last year will not be completely secure. On WordPress sites this can usually be solved with a plugin like SSL Insecure Content Fixer (this one worked on every site I’ve tried).

Please do let me know if I can help you further.

image by Got Credit via Flickr

Stay on Top of Industry News

Subscribe to my mailing list to receive a weekly newsletter containing links to 6 to 8 stories and other interesting tools I found, plus some commentary to explain the context.

Plus, I'll send you a lead magnet design guide, a media kit template, as well as other freebies.

Hi, I'm Nate.

I build and fix websites for authors, and I am also a tech VA. I can build you a website that looks great and turns visitors into fans, and I can also fix your tech when it breaks. Let me fight with tech support so you don’t have to.

My blog has everything you need to know about websites and online services. Don’t see what you need. or want personalized help? Reach out.

Learn More about Me

← Prev: Have you run a security check on your website lately? Next: How to make sure a Wordpress caching plugin is actually Helping Your Site →

Jetpack Stats is No Longer Free – Now What?

Apr 16, 2024

Has anyone else noticed that Jetpack Stats is no longer free? I noticed on Sunday, and a client brought it to my...

Do you have a catastrophe recovery plan for your website?

Apr 14, 2024

Last month I had a graphic reminder of just how bad things can get when a server crashes. While sites do go down at...

eBook Piracy: How to Respond If Someone Steals Your eBook Online

Jun 29, 2023

Sunday, 16 February 2020, was the day that I became a real author. I had been a writer for over a decade now, but...

0 Comments

Submit a Comment Cancel reply

[mfe_send_fox title=”Can I send you my website toolkit?” body=”

I’ve compiled a list of resources, services, and products you can use to build a website. Let me send it to you.

” list=”245728″ label_name=”Name” check_last_name=”off” body_text_align=”center” layout=”top_bottom” first_name_fullwidth=”off” email_fullwidth=”off” _builder_version=”4.10.5″ _module_preset=”default” header_font=”Playfair Display||||||||” header_text_align=”center” header_line_height=”1.5em” background_color=”#22262d” background_layout=”light” custom_margin=”0px|0px|0px|0px|true|true” custom_padding=”||||true|true” hover_enabled=”0″ global_colors_info=”{}” after_submit=”2″ show_message=”Thanks! You’re going to get a confirmation email in about a minute, and as soon as you open that and click the link, you’ll get another email with a link to the toolkit.” sticky_enabled=”0″ _i=”0″ _address=”4.0.0.0″ /]