All HTTP Sites Will Be Marked Non-Secure on October 27

"Your connection to this site is not secure"- What Does It Mean? How to Fix It?

5 min read

With the release of Chrome 68, Google started displaying a “not secure” warning for HTTP pages. You’ve probably seen this warning already.

Since January 2017, Google has been working on making Chrome safer for its users. The warning tag first applies to all HTTP pages that contained password or credit card fields. Later on, the following pages also started seeing the “not Secure” warning on HTTP pages:

You interact with any input field.
The page contains a password field.
You are browsing in Chrome’s incognito mode.

If any of these conditions is met, the page gets the warning badge.

For online store owners, it reads like that: If your website or some of its pages run on HTTP, your customers will see the warning. This might make them feel doubtful about making a purchase. Remember that Chrome remains the most popular browser, so a lot of your customers can see the badge.

Will my website get the “not secure” Chrome badge?

Open Google Chrome and enter your website URL address. If you see the “secure” badge, you’re fine. That means your website runs on HTTPS, and all data that your website sends to the server and back is encrypted, i.e secure. You’re fine.

If you see http:// (without “s”) in your site address and do not see the “secure” badge — you are affected. Continue reading to find out how to react.

Does Ecwid work on HTTPS? Is it enough?

Your Ecwid store is protected in a number of ways:

All store pages run on an HTTPS connection. Store data is transferred using an encrypted protocol.
Ecwid doesn’t store credit card information itself. Instead, it’s integrated with reliable payment gateways.
Ecwid is PCI DSS certified. It is the gold standard for e-commerce solutions worldwide. Large banks have a certificate of the same level.

Ecwid works on HTTPS

However, if you’ve installed Ecwid on your website that runs on HTTP, the “not secure” badge will still appear. It happens because the browser sees your site as an HTTP non-secure site, even though the customer data is processed via HTTPS.

With the new rules getting stricter, we recommend you to switch to HTTPS as soon as possible, particularly as it’s more affordable than ever before.

How do I avoid the “not secure” Chrome badge on my website?

To make your website look and work securely, you need it to run on HTTPS. Depending on the type of website, you can do it several ways.

Ecwid Instant Site: The entire website is already on HTTPS. You’re fine, no action is required.

Sitebuilders like Wix, Weebly, Squarespace: Enable your SSL certificate in the settings. You can refer to the sitebuilder documentation or support to find out how.

Self-hosted websites (WordPress, Joomla, or custom-built website on your own server). You have two options:

Create a free account at Cloudflare and switch your site to HTTPS easily, or
Buy and install an SSL certificate to your site manually. Learn more →

More resources on HTTPS

Earlier on the blog, we published a detailed blog post about HTTPS. It covers:

How exactly HTTP and HTTPS work
What types of SSL certificates exist and what the difference is between a $60 certificate and a free one
Other benefits of HTTPS

Even if you don’t have a tech mind, this guide will make sense. 😌

Read the post here: How to Use HTTPS Protocol and SSL Certificates to Protect Your Online Store

Sell online

With Ecwid Ecommerce, you can easily sell anywhere, to anyone — across the internet and around the world.

Get started

Marketing and Promotion

Oct 6, 2017

About the author

Matt is a product manager at Ecwid. He works with the Ecwid dev team and helps them shipping the right features for Ecwid merchants. Outside of work, Matt likes travelling and climbing the mountains.