We’ve known for a while that Google was going to start dinging sites that didn’t encrypt their connections to protect their user’s private communications.  Now we have a date: Jan. 31.  If your hosting company isn’t yet providing nearly free certificates, or totally free ones from Let’s Encrypt or a similar certificate authority then… might be time to think about switching to a better host!

In a pithily titled post, Imminent: Non-HTTPS Sites Labeled “Not Secure” by Chrome, the security firm WordFence says it’s time to get off the… well… fence on SSL certificates for websites that have user logins or ecommerce.

Imminent: Non-HTTPS Sites Labeled ‘Not Secure’ by Chrome This entry was posted in General Security, WordPress Security on January 17, 2017 by Mark Maunder   15 Replies    On approximately January 31st of this month, version 56 of the Chrome web browser will be released. There is a significant change in the way it displays websites that are not using HTTPS, also known as SSL. This change may confuse your site visitors or surprise you if you are not expecting it.

Starting with the release of Chrome 56 this month, any website that is not running HTTPS will have a message appear in the location bar that says ‘Not Secure’ on pages that collect passwords or credit cards. It will look like this:

Source: WordFence blog

If you read the original post you’ll see that over time Google will be tightening it’s requirements even further.  Eventually they’ll put up similar warnings for all plain, unencrypted sites.