Google Search Console has started sending out notices to sites that have not yet migrated to HTTPS. Chrome 61 is now in beta and version 62 is on track to begin marking HTTP pages as “NOT SECURE” beginning in October. It will show the warning if it detects any forms on the page that transmit passwords, credit cards, or any text input fields that the browser deems are in need of HTTPS protection. All HTTP pages in incognito mode will trigger the warning.
In January 2017, Chrome version 56 began marking sites that transmit passwords or credit cards as non-secure as part of its long-term plan to mark all HTTP sites as non-secure. The warning will become more prominent as time goes on.
“Eventually, we plan to label all HTTP pages as non-secure, and change the HTTP security indicator to the red triangle that we use for broken HTTPS,” Chrome Security Team Emily Schechter said.
The email sent out from the Google Search Console urges site owners to fix the problem by migrating to HTTPS. Hosting companies that specialize in WordPress are making it easier than ever to make the switch. Many of them have added Let’s Encrypt integration to offer free certificates to customers. As of 2017, WordPress now only recommends hosting partners that provide SSL certificates by default.
Thanks to the push towards HTTPS from Google, web browsers, hosting companies, and the 100+ million certificates issued by Let’s Encrypt, the percentage of pageloads over HTTPS is now approaching 60%, according to Firefox Telemetry.