Starting October 2017, Chrome (version 62) will show a “NOT SECURE” warning when users enter text in a form on an HTTP page, you need an HTTPS secure page.
What this means is that any pages with a contact form, newsletter form, comments form or checkout form in your website will be marked as NOT SECURE in Google Chrome browser. Most WordPress websites utilise at least one of these.
To avoid this you need to get an SSL certificate to make your WordPress website pages HTTPS. This also gives you that essential little green padlock.
SSL (Secure Sockets Layer) is the standard security technology for establishing an encrypted link between a web server and a browser. This link ensures that all data passed between the web server and browsers remain private and integral. SSL is an industry standard and is used by millions of websites in the protection of their online transactions with their customers.
Long term – Use HTTPS everywhere
Eventually, Chrome will show a Not Secure warning for all pages served over HTTP, regardless of whether or not the page contains sensitive input fields. You should plan to migrate your site to use HTTPS for all pages. Source: Google developers
Everyone needs an SSL certificate
If you have a maintenance contract with me I will have contacted you already and helped you to get set up with your SSL certificate and you probably have a green padlock by now.
If not, get in touch with your hosting company and ask them about it. Some hosts offer a free option and others you need to pay an annual fee, usually around £60-£200 depending on the size of your organisation. You will need to take advice from your hosting company or web developer on what is the best for you.
Setting up in your WordPress website
It is not just about acquiring an SSL certificate, you need to realign your website too.
You will need to update your WordPress website general settings to change the WordPress Address and the Site Address to HTTPS
You will also need to change all of the URLs in your WordPress website to point to https:// otherwise you will never get that vital green padlock.
You can use the Velvet Blues plugin to update all URLs. Or you can use an SSL plugin but make sure your host is not redirecting the URLs before you use that otherwise you will end up in a mess. Personally I would stick with the first option.
What ever you do make sure you take a backup of your website before you start.