Posted By RichC on July 25, 2018
While doing a bit of server housekeeping on the CPP servers and preparing for the eventual push to make all websites secure for users, I ran across a helpful Qualys SSL Labs site to check on certificates, etc. If you are working to get websites updated and compliant for the day ALL site will need to be secure, check out their free scan.
Since I also run a couple WordPress sites (including this blog), I’m looking at a few simple plug-ins, including WP Hide & Security Enhancer to see if it might be worthwhile in adding an additional layer of simple security for clients … although have not tried it yet (only researching).
NEARLY TWO YEARS ago, Google made a pledge: It would name and shame websites with unencrypted connections, a strategy designed to spur web developers to embrace HTTPS encryption. On Tuesday, it finally is following through.
With the launch of Chrome 68, Google now will call out sites with unencrypted connections as “Not Secure” in the URL bar. The move flips the convention of how Chrome displays the security of sites on its head. Previously, pages that deployed HTTPS-enabled encrypted connections featured a green lock icon and the word “Secure” in the URL bar. HTTP sites had a small icon that you could click for more information; if you did, it read “Your connection to this site is not secure. You should not enter any sensitive information on this site (for example, passwords or credit cards), because it could be stolen by attackers.”
It’s a warning worth heeding. Under an unencrypted HTTP connection, any information that you send across the web can be intercepted by a hacker or other bad actor. In extreme cases, like in what are called man-in-the-middle attacks, someone could pose as a destination site—tricking you into handing over your credentials, credit card info, or other sensitive information.
“Encryption is something that web users should expect by default,” says Chrome security product manager Emily Schechter.