Starting with the release of Chrome 56 this month, any website that is not running HTTPS will have a message appear in the location bar that says “Not Secure” on pages that collect passwords or credit cards.
This is the first part of a staged rollout that encourages websites to get rid of plain old HTTP.
In an upcoming release Google Chrome will label all non-HTTPS pages in incognito mode as “Not secure” because users using this mode have an increased expectation of privacy.
The final step in the staged rollout will be that Chrome will label all plain HTTP pages as “Not secure”.
The impact on WordPress site owners
Once again, starting on approximately January 31st of this month, any page on your website that is non-HTTPS and has a password form or credit card field will be labeled as “Not secure” in the location bar by Google Chrome. This includes your WordPress login page.
The current timeline for the release of Chrome 56 is unclear. Based on the Chromium development calendar it looks like Chrome 56 may be released on January 31st.
This may confuse your site visitors who sign in to your website because they may interpret the message to indicate that your website has been compromised. They could also interpret the message to mean that your site has some underlying security issue other than being non-HTTPS.
Assuming Chrome 56 will be released on January 31st, that gives you two weeks starting today to get your site running on 100% SSL to avoid the new “Not secure” message appearing on your login pages.
If your site is not HTTPS, what to do
We recommend you start by looking at the support documentation that your hosting provider offers to find out how to set up SSL on their system. You will find that some hosting providers offer free SSL and others have a very easy installation method. If you ignore this and decide to configure things manually you may be making life more difficult for yourself.
Google has a technical description of how to implement SSL on your website. You will also find many guides describing how to set up SSL for WordPress with a simple Google search. But definitely start by visiting your hosting provider support documentation or doing a google search for your hosting provider name and ‘SSL installation’ without quotes.
Please share this with the broader WordPress community to promote the use of SSL across all websites and to help other WordPress site owners stay secure.
Congratulations if you have already set up SSL on your site! You are all set and ready for the new change in Chrome 56 coming later this month.
The current timeline for the release of Chrome 56 is unclear. Based on the Chromium development calendar it looks like Chrome 56 may be released on January 31st. We recommend you start by looking at the support documentation that your hosting provider offers to find out how to set up SSL on their system. Google has a technical description of how to implement SSL on your website.