This week one of our clients forwarded us an email from Google that warned them that Google Chrome will soon warn searchers when a website is not secure. With the huge market share that Chrome now boasts, this has the potential quickly kill off half of all search traffic received.
The warning we saw was specifically “Nonsecure Collection of Passwords will trigger warnings in Chrome 56”. The email explained that Google Chrome has started to mark pages that collect passwords or credit card details as “Not Secure” unless the pages are served over HTTPS. While most ecommerce websites are now using secure servers and HTTPS, we do still see many WordPress websites running Woocommerce, and often these sites are not secure.
Google highlighted to our client the specific URLs that included input fields for passwords or credit card details that are now triggering warnings in the Chrome web browser. The warning from Google is designed to help businesses quickly resolve the problem.
Google has been pushing for a secure Internet for several years already, and this really marks the first sign that soon it may start to penalise any ecommerce site that is not secure.
There is some confusion and debate over what an ecommerce site actually is, but in this context at least, it is any website that collects customer payment details. Your website may only need to collect information for a one-time subscription, so in the past, it may have been considered a low risk transaction, but with growing demands for improved consumer protection, every risk, no matter how small, needs to be taken seriously. Only this week we learned that another major website had a data breach, with thousands of payment details stolen by hackers from the Holiday Inn website.
Woocommerce and WordPress
WordPress is the world’s most popular ecommerce platform for small businesses, and the WooCommerce plugin provides a very easy way to set up an online store to sell goods, services and subscriptions.
The ease of setting up an ecommerce site has give rise to concerns over the security of many small businesses, as all too often people install WooCommerce on non-secure domains. This puts customer data at risk.
How to fix this problem
Google provides simple and straightforward advice on how to fix the problem:
Use HTTPS pages to collect sensitive information
To prevent the “Not Secure” notification from appearing when Chrome users visit your site, move collection of password and credit card input fields to pages served using the HTTPS protocol.
You can find out more about this update from Google in their blog post “Moving Towards a More Secure Web.”
If you are concerned that your own business website will be affected by this Google update, speak to one of our technical SEO consultant today.