This is a public service announcement, Chrome 70 is about to drop October 23, 2018. If you are one of the people that had a “web guy” or a “tech savvy friend” set up a WordPress website on cheap hosting platform, and things are just going fine without https because you think you don’t need https or because you don’t do e-commerce…think again.
Reason’s you need https
Search Engine Ranking
Do you like showing up in the google search engine? Sure you do. Well part of Google’s ranking system are sites with https. So if you dont have it, automatic negative ding.
Google doesn’t trust Symantec https Certificates
Google decided that the whole Symantec system of https (and some other smaller https companies) was ….bs. So as a result, if you or your webmaster purchased one from Symantec or a reseller of Symantec…the newer versions of google will first say to your audience to beware of your site, and then later flat out give a much stronger stern warning on around October 23, 2018 when Google plans to release Chrome 70.
Chrome 70 Reckoning is coming October 23, 2018
Google will warn all people browsing sites that the site is insecure in Chrome 70…so mark your calendar. Because that is the day, you absolutely should not wait any longer to make sure your site has https set up correctly. In addition to your google rankings already being demoted…all sites without being viewed in chrome will be given a warning NOT to trust your site…not exactly good for business.
Why should I trust you? You just wanna get people using StoreGear.
True…but you don’t have to take my word for it. Read about it directly here: https://groups.google.com/a/chromium.org/forum/#!topic/blink-dev/eUAKwjihhBs%5B251-275%5D
And then there is a more broad write up here: https://security.googleblog.com/2017/09/chromes-plan-to-distrust-symantec.html
A nice highlight:
At the end of July, the Chrome team and the PKI community converged upon a plan to reduce, and ultimately remove, trust in Symantec’s infrastructure in order to uphold users’ security and privacy when browsing the web. This plan, arrived at after significant debate on the blink-dev forum, would allow reasonable time for a transition to new, independently-operated Managed Partner Infrastructure while Symantec modernizes and redesigns its infrastructure to adhere to industry standards. This post reiterates this plan and includes a timeline detailing when site operators may need to obtain new certificates.
On January 19, 2017, a public posting to the mozilla.dev.security.policy newsgroup drew attention to a series of questionable website authentication certificates issued by Symantec Corporation’s PKI. Symantec’s PKI business, which operates a series of Certificate Authorities under various brand names, including Thawte, VeriSign, Equifax, GeoTrust, and RapidSSL, had issued numerous certificates that did not comply with the industry-developed CA/Browser Forum Baseline Requirements.
What you should do to switch to https
We are biased…but we only host websites in https…so our sites aren’t effected. That’s a big advantage in addition to the many other things that make working with StoreGear nice. If you want to work with StoreGear, we can switch most business sites over to our system.
If you don’t want to switch to StoreGear, make sure you are working with somebody that knows how to set up a site to transition to https. Its not as simply as turning on https. Google treats https and http as completely different sites, so you need to properly inform Google of what’s going on and set up all the redirects(in addition to other things) If you are working with somebody that doesn’t know deeply about this stuff…you are working with guys that “think” they know what they are talking about…but don’t…you need to re-think how you handle your website.
In summary: Business owners stay alert! Get your site going with https the right way TODAY and definitely not after Chrome 70 hits the market October 23, 2018.