Upgrade Your Drupal Skills

We trained 1,000+ Drupal Developers over the last decade.

See Advanced Courses NAH, I know Enough

Google Chrome to highlight insecure websites with forms in October 2017

Parent Feed: 

on September 12th, 2017

Late last year, Google announced their mission to make the web more secure in their Security Blog post Moving towards a more secure web.  Google has been promoting the security, speed, and SEO value of Secure Socket Layer (SSL) for over a year and are now using the Google Chrome browser to further awareness.

In a post on the Chromium Blog titled Next steps toward more connection security, they stated:

"Beginning in October 2017, Chrome will show the “Not secure” warning in two additional situations: when users enter data on an HTTP page, and on all HTTP pages visited in Incognito mode."

If your site has any sort of form, even a simple contact form, or if users are logging into your site using the Chrome browser, this affects you.  They continue:

"Eventually, we plan to show the “Not secure” warning for all HTTP pages, even outside Incognito mode. We will publish updates as we approach future releases, but don’t wait to get started moving to HTTPS!"

We have moved a majority of our clients to HTTPS.  We'd love to help you get moved over too!

Recommend Options for an SSL Switchover

Switching over to HTTPS from HTTP is relatively easy:

  1. Acquire an SSL certificate from an established authority.
  2. Configure the SSL certificate
  3. Add a global redirect from HTTP to HTTPS and make necessary adjustments to your CMS.
  4. Test.
  5. Crawl looking for HTTP hard coded links and images and correct.
  6. Update external links that you have control over to HTTPS to maximize SEO.

Options for getting an SSL Certificate

  1. Get an SSL Certificate and install on the server
    Costs will include the certificate, installation of the certificate, testing, and reporting.
  2. Free Shared Certificate from CloudFlare
    By adding any level of CloudFlare to your site and moving the DNS server to CloudFlare you gain a shared SSL certificate for your sites.  This has no certificate cost and a monthly charge only if your needs require a paid CloudFlare plan for particular features. There is some testing and reporting required for this transition.
  3. Free Shared Certificate from Let’s Encrypt
    Let’s Encrypt is a free, automated, and open certificate authority brought to you by the non-profit Internet Security Research Group (ISRG).  This requires root access to the server or a host that provides support for Let's Encrypt and involves installing the certificate on the server and updating that certificate every 90 days.

Contact us today to switch your site to SSL

Photo by Tabby Guarnieri on Unsplash

Original Post: 

About Drupal Sun

Drupal Sun is an Evolving Web project. It allows you to:

  • Do full-text search on all the articles in Drupal Planet (thanks to Apache Solr)
  • Facet based on tags, author, or feed
  • Flip through articles quickly (with j/k or arrow keys) to find what you're interested in
  • View the entire article text inline, or in the context of the site where it was created

See the blog post at Evolving Web

Evolving Web