You may have noticed a change in the Google Chrome browser very recently. This change governs how you see the domains of the sites you’re visiting in the “omnibox” (address bar). Google calls it the Chrome Not Secure warning!
All websites are now consistently labelled at the beginning of the URL with either:
- “Secure | https” and a lock symbol
- The website’s company name, a lock symbol, and “https”
- Nothing but an information symbol and the domain
Here are some examples:
Chrome Not Secure warning
The Chrome Not Secure warning is intended to signal to website users that a site is not secure, and any information that is passed over the connection is vulnerable to hacking.
Here is some more information from Google about how a site’s security status is now going to be demonstrated to users.
While it’s been the case for a while that Google shows websites are secure by including “https” at the beginning of the URL, now websites which are not secure will be properly flagged.
In the near future, there will even be clear warnings shown if a website does not have the proper security in place.
Google’s Chrome 68 update
For the non-developer or non-webmaster, all the changes can be confusing. Security for your site in this instance means the type of connection that your website has with the web server.
Google’s Chrome 68 update (Chrome Not Secure) was rolled out on July 24, 2018. Chrome will now flag all sites using the protocol “HTTP” for their connection as unsecured.
“Chrome’s new interface will help users understand that all HTTP sites are not secure, and continue to move the web towards a secure HTTPS web by default.”
Insisting on the HTTPS protocol is something already in place with Mozilla’s open source Firefox browser. More and more browsers will be coming into line.
The Chrome 68 update (Chrome Not Secure warning) is particularly important because 60% of all internet traffic to your site comes through Google Chrome. It’s by far the most popular browser, beating Internet Explorer by a large margin.
A similar update was originally rolled out in Chrome 56 in 2017. It insisted that pages with forms collecting sensitive data (such as bank account details or passwords) must use a secure connection.
Now the rules apply to all websites, regardless of whether they intend to collect sensitive data.
What do HTTP and HTTPS mean?
HTTP stands for HyperText Transfer Protocol. It is the standard that defines how data is packaged when it is transferred between a visitor’s browser and the server where your site is hosted.
In HTTP, any data handled by the connection is transferred in plain text. This means it can literally be read and abused by hackers if they access your connection.
In contrast, HTTPS stands for HyperText Transfer Protocol Secure. It’s an added layer of technology on top of your existing HTTP that encrypts (scrambles) the message. This makes sure no one can read the data while it’s in transit.
What is SSL?
To use the “HTTPS” protocol, your site must be protected by an SSL (Secure Sockets Layer) certificate. This ensures the data moving between your site and the server is secured from hackers through encryption.
When a user accesses your website, their browser will automatically check that the domain they’re requesting is correct by verifying it against the certificate.
Although SSL has now technically morphed into TLS (Transport Layer Security), most people still refer to this current technology as SSL.
There are also some different types of SSL certificate – including one which businesses can connect with their company name to make their site look even more official.
When do I need SSL?
Enterprise companies have known for an extremely long time how important security and compliance are for their IT systems. It’s taking small businesses a little longer to catch up. The move to compulsory SSL is not a punishment for businesses. It’s part of a wider move towards making the web more secure and protecting customer data.
Every website needs SSL now and for multiple different reasons. This resource goes into a lot of straight-talking detail about why every single site needs to have SSL protection.
If your knowledge base software is hosted with a Static Site Generator, such as Sphinx, then this update is still going to apply to you. If you are using any kind of dynamic website (and most are) then security should be even more of a top priority for you since there are more opportunities for hacking to occur.
So for example if your knowledge base is collecting data in any way, your site should be secure. This could be through a support widget, feedback form, comment box, or any other kind of interactive page element. There are also many other ways data can be compromised, such as having the IP address redirected.
If you don’t update your site to SSL, you will be penalised in more ways than one.
What happens if I don’t have SSL?
$172 billion was lost globally in 2017 through cybercrime, although people in general are overconfident about how secure their online behaviour is. 174,523 people were victims of identity theft or identity fraud in 2017.
Companies themselves don’t get off lightly either. Their share prices permanently fall by an average of 1.8 percent after a serious data breach. A serious attack can also result in a large fine from the ICO (Information Commissioner’s Office).
Cyber security threats are very real. It’s your responsibility to protect any data you handle – especially in compliance with the GDPR. This data includes securing the connection of any websites you maintain.
Google is now rewarding all HTTPS sites with higher rankings and they will load more quickly, so this is very important for knowledge base SEO. This also means your site will be penalised heavily if you don’t have it.
How to install your SSL certificate
When it comes to obtaining an SSL certificate for your company knowledge base, you have four main options:
- Purchase the correct SSL certificate from SSL.com and install it on your site.
- Obtain a free SSL certificate from Let’s Encrypt (which is endorsed by Google) and install it on your site.
- Use software that already comes with a valid SSL certificate enabled (like Document360).
- Install intermediary security software like Cloudflare which protects your site by intercepting the connection between user and server (here’s how to get it for free).
To install SSL on your site, you need to go through a process to verify that you own the domain. This usually involves verifying your email with the certificate provider.
Bear in mind, you must renew your certificate when it expires. The longest period you can usually purchase a certificate for is one year, after which you must renew it.
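The two checks described above, the browser comparing the requested domain against the certificate and the need to renew before expiry, can be scripted so that a lapsing or mismatched certificate is caught before visitors see a warning. This is an added example, not code from Document360 or Google; the hostnames and the sample certificate are constructed, and the 30-day renewal threshold is an assumption.

```python
import socket
import ssl
from datetime import datetime, timezone


def hostname_matches(pattern: str, hostname: str) -> bool:
    """Match one certificate DNS name; '*' may only stand for the whole leftmost label."""
    p, h = pattern.lower().rstrip("."), hostname.lower().rstrip(".")
    if p.startswith("*."):
        # "*.kb.example.com" covers "a.kb.example.com",
        # but not "kb.example.com" or "a.b.kb.example.com".
        head, _, rest = h.partition(".")
        return bool(head) and rest == p[2:]
    return p == h


def check_certificate(cert: dict, hostname: str, now: datetime, warn_days: int = 30) -> dict:
    """Evaluate a certificate dict in the shape returned by ssl.SSLSocket.getpeercert()."""
    names = [value for kind, value in cert.get("subjectAltName", ()) if kind == "DNS"]
    expires = datetime.fromtimestamp(ssl.cert_time_to_seconds(cert["notAfter"]), tz=timezone.utc)
    days_left = (expires - now).days
    return {
        "hostname_ok": any(hostname_matches(n, hostname) for n in names),
        "days_left": days_left,
        "expired": expires <= now,
        "renew_soon": days_left < warn_days,  # assumed threshold, tune to your renewal process
    }


def fetch_certificate(hostname: str, port: int = 443, timeout: float = 5.0) -> dict:
    """Fetch a live certificate; the default context rejects untrusted chains and wrong names."""
    ctx = ssl.create_default_context()
    with socket.create_connection((hostname, port), timeout=timeout) as sock:
        with ctx.wrap_socket(sock, server_hostname=hostname) as tls:
            return tls.getpeercert()


# Constructed sample certificate (not a real one), in getpeercert() format.
SAMPLE_CERT = {
    "subjectAltName": (("DNS", "docs.example.com"), ("DNS", "*.kb.example.com")),
    "notBefore": "Jun  1 00:00:00 2018 GMT",
    "notAfter": "Jun  1 00:00:00 2019 GMT",
}

if __name__ == "__main__":
    now = datetime(2019, 5, 15, tzinfo=timezone.utc)
    print(check_certificate(SAMPLE_CERT, "docs.example.com", now))
```

To check a live site, pass the result of `fetch_certificate("your-domain")` and `datetime.now(timezone.utc)` to `check_certificate`; an expired or mismatched certificate makes `fetch_certificate` raise `ssl.SSLCertVerificationError` instead.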
Choose Document360 for your knowledge base
One of the advantages of using Document360 to create a knowledge base is that every site you create uses HTTPS by default. This is the case even if you choose the custom domain option. You can also set up your knowledge base as a sub-domain of your main site.
Your SSL certificate and yearly renewal are included in the base pricing. So it doesn’t cost any extra to be secure. This means you don’t need to program anything, access any control panels, email anyone, or worry about how you’re going to get an SSL certificate, just to comply with the new rules.
You don’t have to spend time or energy figuring out if your website is secure or not. That’s our job!
Security is one of our top priorities for Document360. Take Document360 for a trial run now.