Sunday, April 01, 2018

Google Chrome orders publishers to get SSL on all their sites by July 2018, "or else"



Google is now advising web publishers that its browser Chrome will start marking sites as “unsafe” (so to speak) if they so not have security certificates accessed with https, in July 2018, as in this story.   Google's own link is here
  
The Search Engine Journal offers analysis on Chrome use compared to other browsers.  But it would sound reasonable to wonder if other browsers intend to do the same.

The story (with a sublink) offers a guide for migrating a Wordpress site.  This looks like a time consuming process, but many blog sites probably don’t use a lot of the features of concern. 
  
Google says that the conversion is important even for sites that don’t do ecommerce or require user login.  This seems debatable.  But one problem is that sometimes unencrypted sites allow actors to insert ads (or even scareware) or possibly illegal content into the stream sent by a user, and this may not be picked up by an antivirus product.  It would be a good question whether Microsoft Windows 10, for example, could come up with other ways to disallow man-in-the-middle attacks.
Google first started talking about this in 2014, but the concern has really picked up since about the end of 2016.
  

There is a product called the Unified Communications Certificate (UCC) which Godaddy, for example, explains here, for multiple domain names.  But Comodo systems explains other concepts such as Multi-Domain SSL and Wildcard SSL here.  It appears as of this writing that such a product on BlueHost would still require separate cPanel’s for each domain, but I will check further into this.
I usually announce my own plans on a secured Wordpress “doaskdotellnotes” blog (it has https).  I would anticipate trying to have my other three wordpress domains secured by the end of June, 2018. 

There is a lingering question on Blogger why Google custom domains (when equated to Blogspot blogs) cannot have these certificates.  Will Google change this before its new Chrome policy goes into effect?
  
See the notes at the end of the Jan. 8, 2018 post here

No comments: