If so, your site could be penalized after January 2017 with a big red triangle and “not secure” in the address bar.
On Sep. 8, the Google/Chrome security blog said that they’re going to flag sites that are not HTTPS as “not secure,” even in incognito mode.
These are Google engineers saying this. This is serious. A quote from the article:
“Eventually, we plan to label all HTTP pages as non-secure,
and change the HTTP security indicator to the red triangle
that we use for broken HTTPS.”
I bet rankings will also be affected, but that’s not the primary concern. Think about the larger picture. What if a site doesn’t take measures? What if it gets hacked? Do they think their insurance is going to cover them? The insurance company is going to say that the site owner has a fiduciary responsibility to ensure the security of its customers financial data. I wouldn’t be surprised if insurance companies (already?) require this as a minimal level of security.
One of the things that Google nails, is, when they implement something like this, they also tell you how to make the changes necessary to comply. This is no exception.Google’s guide to update our sites is here.
Get it done.