TL;DR: Browsers are now warning users if any sensitive details are passed over non-secure connections. Any pages with a password or credit card details will be marked as ‘Not secure’ in the address bar.
This will progress to become a more obvious message over time. The answer is to get an SSL certificate or use a service like CloudFlare to do it for you. There is no excuse!
Announced by Google back in September 2016, pages on sites that have password fields or any form of card details will be marked as “Not secure”.
This is now a reality and with the recent release of Google Chrome 56, users are being warned that sites are not secure. This is not limited to Chrome though - Firefox also has the same behaviour and I am pretty sure Edge will follow soon too (well, maybe… hopefully).
You can see here on the same site in Chrome 55 there is no warning:
but the same site in Chrome 56 there is the ‘Not Secure’ message in the address bar.
This doesn’t look too bad right now however Google has a plan to increase the warning so that there will be a red message making it a lot more apparent to users. This is what it is going to start looking like:
This is exactly the same as the warning you get when you are using an invalid certificate after accepting the warning.
We believe that it won’t be too long until browsers stop rendering the pages and replace them with the large warnings you get when connecting to sites with invalid certificates.
There is no reason not to secure sites; SSL certificates are freely available with services such as Let’s Encrypt. Another solution is to use CloudFlare and leverage their automated provisioning and managing of SSL certificates for you by proxying all connections to your site.
With the demand for security on the internet increasing; it becomes ever more important to keep everything up to date and patched. Browsers, operating systems and even the date on your computer! For example, removing obsolete cyphers such as RC4 on the source servers is now commonplace to keep up with the fast-moving pace of internet security. As more vulnerabilities are found, ensuring that your own machine is fully up to date is vital.
So if you have a site that isn’t running over SSL, even if it is just a blog or a marketing site, do yourself and your visitors a favour and run on SSL, it’s good for your search engine rankings too!