Website security is a top priority to ensure a positive user experience. Recently, Google announced that they’re rolling out an update to their Google Chrome web browser that will block any insecure “mixed content” starting January 2020. Not only does your website need an SSL certificate, but also every single element of your site needs to be secure, too. When your website has an SSL certificate, it starts with “https” rather than “http” (we’ll go over a quick reminder of the specifics shortly).
Considering that Google Chrome accounts for 58.7% of the web browser market share, this update affects many users visiting your site. Keep reading to learn exactly what this means and how your website could be affected as early as December.
What is an SSL Certificate: Quick Review
Websites with SSL (Secure Socket Layer) certificates use a standard type of data encryption to create a secure connection between web servers and web browsers like Google Chrome. When you have an SSL, it encrypts and decrypts data so third parties like hackers can’t access it. At a glance, you can tell if a site is secure by noting whether it has a “http” or “https” before the rest of the URL.
Security and privacy are the main reasons why you need an SSL certificate. If your website doesn’t have an SSL, it means sensitive data collected through your site (such as credit card information) could be exposed. So, not only does having an SSL protect you from possible cyber attacks, but also it allows your site visitors to trust that their information won’t be stolen.
Last year, Google mandated that all websites accessed through Google Chrome must have an SSL. In an effort to improve Chrome, Google started moving towards a zero tolerance policy for websites without SSL certificates. Now, Google is on a mission to not only force all websites to have an SSL certificate, but also to make sure all content on secure websites has an SSL certificate, too.
How Google is changing its policy on SSL certificates
The reason why we wrote this blog is because Google is moving towards blocking all mixed content on websites by default on Google Chrome. Mixed content refers to what happens when a site’s initial HTML (Hypertext Markup Language) code is loaded over a secure “https” connection, but other resources (such as images) are loaded over an insecure “http” connection. When any “subresources” (images, videos, stylesheets, scripts, etc.) of a site can be loaded insecurely, it gives third parties the opportunity to tamper with them.
Even if the website itself is considered secure with an SSL certificate, mixed content presents an opportunity for hackers to tamper with website content.. Google wants to eradicate the threat this poses to users’ privacy and security on Google Chrome between now and early 2020.
How to Prepare for this Google Chrome SSL Update
Thankfully, there are already plenty of resources available to developers to help them find and fix mixed content. Also, users can enable a setting to opt out of blocking mixed content on certain websites. Communicate with your web development team to figure out what actions need to be taken to find and fix insecure content.
If you have a WordPress website, a plugin like the SSL Insecure Content Fixer could be useful. It’s helpful for everyone involved with a website to understand what an SSL certificate is and why it’s important. For example, mixed content could allow hackers to alter content on your website and change or steal any data transferred through your site (including personal information like credit card numbers).
Wrapping It Up…
If you are proactive about making sure every element and subresource on your website is secure, you’ll fully benefit from Google Chrome’s performance improvements and new features that you would otherwise miss.
At Chainlink, one of our first priorities during a website audit is making sure the site has an SSL certificate. Reach out to us to learn more about how we can help improve and maintain your website. We’d love to chat and provide you with a free consultation. Also, don’t forget to sign up for our newsletter for more exclusive tips.