The most popular web browser in the world, Google Chrome, has implemented a significant user interface change that notifies users when a website form that includes a password or credit card field is in an insecure site.
If a form is viewed in a regular HTTP page and not an SSL/HTTPS page a Google default setting will produce a “red alert” message that looks something like this:
Remember, in HTTPS, the “S” stands for “security”.
This is a very important change forcing business websites everywhere to adhere to security protocols to better protect their users.
So, how do you ensure that your website (containing forms) complies to this major browser security update?
Here are some tips for ensuring your website’s security:
-
- Install a SSL (Secure Sockets Layer) certificate and configure the content management system your site uses (such as WordPress). We can help.
-
- Ensure that all internal links on your site point to HTTPS urls. External links should point to the new HTTPS urls. If you’re still getting links to the old HTTP version of your website Google will become confused and you won’t see the benefit of these new links on your website structure. Google won’t be able to tell which is the most authoritative page that should receive a higher ranking.
-
- Make sure that all rel=canonical tags in your HTML don’t point to the old HTTP version. Once your site is changed to HTTPS these tags must be changed to the new HTTPS urls, as this is how Google sees which version of the page should be used to rank. Again, if you still point to the HTTP version Google will become confused over what page should be ranking in search engine results.
-
- Make sure that you’ve mapped out the new HTTPS urls on a page-to-page level, copying the URL structure, the only change will be that now ‘http://’ will be ‘https://’. Once these changes are in place, create a permanent 301 redirect on the page level. Do not 301 redirect everything to the home page as this will kill all your search rankings overnight.
-
- Be sure to test any additional embedded SSL content from different domains on your website (images, forms, any other content). Ensure that there are no cross-site security issues when loading these forms.
Financial firms must be especially cognizant of security when collecting sensitive client and financial information that is stored on servers, so the sooner you can ensure your website’s security protocols are up-to-date, the better.
If your site cannot afford to be down for an extended period, these changes are best first implemented on a testing server before moving to production.
Gate 39 Media clients receive a free upgrade to SSL as part of a firewall included in the hosting service. If you are a client and have not yet implemented an SSL or aren’t sure, contact us to implement your upgrade.