Google have announced that Chrome 56 (coming in January 2017) will mark websites using plain HTTP connections as insecure and show a security warning.
The “not secure” indicator will appear next to the address bar on web pages that have input fields for passwords or credit card numbers.
Over subsequent Google Chrome releases, the scope of the browsers HTTP connection warnings will be expanded. Eventually all websites delivered over HTTP will have a security warning – regardless of what data is being transmitted.
Google’s search engine already penalizes websites that do not support SSL. This new penalty is likely to further motivate website owners to make their pages secure or risk damaging their traffic and sales.
Switching to HTTPS has never been easier. Most established content management systems support running over HTTPS with minimal configuration needed. Furthermore, several free providers of SSL certificates have emerged in recent years; most significantly CloudFlare and Let’s Encrypt.