US Military “Not Secure”

Welcome back Rankers! Have you got all your HTTP done? We were talking to a few clients at the end of January who still hadn’t had their HTTPS done. Many still had HTTP for most of their sites, but their password areas, their shopping carts, or anywhere they were collecting credit cards they actually had put in place HTTPS. They’d done that earlier but still hadn’t done it on the rest of their site.

We thought, “Well, it’s working, there’s no warnings, should be fine, right?” And it is for the most part. But here’s something disturbing.

A Non-Secure World

I’m using the Chrome 57. Chrome 56 is now out, so the warnings are now showing as ‘Not Secure.’ They’re the ones I showed you a couple of weeks ago, and they are now all live if you have a site that is not using HTTPS on your credit card or password areas. So I was looking at Chrome 57, which is in beta, and this is in the new 56 as well, you can actually go and see the red warnings, and how it applies to every page. If it is HTTP, you will see a warning like this.

So this is the U.S. Army. It is secure according to the browser, as you would expect. This, though, is the U.S. Strategic Command, and as you can see, it shows ‘Not Secure.’ Not the message you want on your website I wouldn’t have thought. Then we have the Navy and Air Force. Both similar. The U.S. House of Representatives is also ‘Not Secure’ according to Google.

Strategic Command Not Secure
Strategic Command Not Secure

Same in Australia. There are so many banks using HTTP, such as Suncorp, and Business Insider magazine who incidentally are running a story on the subject on a ‘Not Secure’ page. Hmm. Bankwest and Bendigo Bank are large banks here, we have Dell computers, and the list goes on and on.

Bendigo Bank not secure
Bendigo Bank not secure

In Australia, we are no better. We have the Australian Signals Directorate, which makes me laugh because they’re the ones that came out in 1998 and told Australia that we should be able to control our citizens and stop them doing naughty things online. That’s when they were trying to censor Australia’s Internet. So their site is ‘Not Secure’, which is unfortunate as their tagline is, “Reveal Their Secrets – Protect Our Own.” They might want to start with getting HTTPS on their site. Our Royal Navy and Air Force aren’t secure, but strangely, our Army has it. Both the U.S. and Australian armies have it, but the corresponding Navies and Air Forces do not. I don’t know why.

ASD Not Secure
ASD Not Secure

No Grey Areas

Now I have this set up on my machine now so I can go and look at any site and immediately see either a green or red warning, or a grey one which will usually mean that parts of the site are secure, others not so. You really need it to appear green in Google Chrome so that you know your HTTPS is correct. So you can see there is going to be a time when you are going to have to get HTTPS on every page.

If you want to set this up yourself and go have a look and those sorts of things, you need to go to chrome://flags/#mark-non-secure-as. Then you need to select ‘Always mark HTTP as actively dangerous.’ The current default state will be ‘Display a verbose state when password or credit card fields are detected on an HTTP page.’ Therefore, there’s only one real place Google can go after this. It’s not going to go half way as keep it as secure on every non-HTTP page. I don’t think they’ll do a grey ‘Not Secure’ on every HTTP. It looks like they are going to go straight for a red warning for HTTP. There won’t be some sort of interim grey warning for HTTP pages that also collect credit cards and passwords. It won’t go to grey ‘Not Secure’ rather it will have the red ‘Not secure’ and that is the next step.

Prepare To Migrate

I don’t know when it is going to happen but it’s already in this browser. It was in 56 and this is 57, so I would think this year. If you haven’t planned to migrate your entire site to HTTPS, even if you don’t collect credit cards or passwords, even if it’s a non-transactional site, you should probably start preparing for it sometime this year.

That is it for this week’s show. Hopefully that’s helpful. If you have any questions, just shoot them through. If you have a review you want doing on a site, or you have questions about SEO, shoot them through and we’ll take a look. If we can do it on the show, we will. Remember to head across to www.bloggersseo.com if you’re a blogger and you want to learn more about SEO. If you want to be notified when we get the latest news out to you, head across to www.stewartmedia.com.au and sign up there. If you’ve already joined and it helped you, please tell your friends. Thanks very much. I’ll see you all next week. Bye.