Is HTTPS Secure? Chrome 70 Update: HTTP vs. HTTPS, Ensuring Your Site’s Security

This article was updated last March 05, 2025.

Google Paving the way for a safer internet. HTTP vs. Hypertext Transfer Protocol Secure — what’s the difference, and are you secure?

What is HTTPS? – Hypertext transfer protocol secure is the secure version of HTTP, the primary protocol used to send data between a web browser and a website. HTTPS is encrypted to make sure that data transfer is safe. This is especially important when people send sensitive information, like when they login to their bank account, email service, or health insurance provider. There are many advantages of HTTPS.

While browsing the Internet, you may have noticed that some sites are now marked as “Not Secure.” This is the outcome of Chrome’s version 68 update. This was one of a series of improvements that had been in the works for a few years! Google’s overarching objective for the upgrades is to transition websites from HTTP to HTTPS in order to provide a better secure internet browsing experience for everyone. To enable HTTPS on a website, a valid SSL certificate must be obtained to encrypt information exchanged between users and the server.

As a result, you can probably see why having a secure connection when accessing any website would be important. However, this is a concerning change for many business owners that still have their sites under HTTP. Simply put, no one wants their customers and visitors to bounce off their websites when they see “Not Secure” displayed prominently, especially when nearly 90% of web users have Google Chrome as their go-to browser. HTTP sites are at risk because they do not encrypt data, making them vulnerable to threats and attacks. Transitioning to HTTPS is crucial for improved security and integrity.

If you are browsing the web using Chrome, you might have noticed a grey lock next to the URL section. If not, check out ours at the top left of your browser. HTTPS connections encrypt data between a web server and a user’s browser to protect against threats like man-in-the-middle attacks, ensuring that information exchanged remains confidential and integrity is maintained throughout the communication process.

Understanding HTTP and HTTPS

HTTP (Hypertext Transfer Protocol) and HTTPS (Hypertext Transfer Protocol Secure) are the backbone protocols of the internet, dictating how data is transmitted between your web browser and web servers. The primary difference between the two lies in the security they offer.

HTTP is the standard protocol that allows devices to communicate over the internet. It operates on a request-response model, where your browser (the client) sends a request to a web server, and the server responds with the requested web page. However, HTTP lacks any form of encryption, meaning the data transmitted can be intercepted and read by unauthorized parties.

HTTPS, on the other hand, takes HTTP a step further by adding a layer of security. It uses a security protocol known as Transport Layer Security (TLS) or its predecessor, Secure Sockets Layer (SSL), to encrypt the data being transmitted. This encryption ensures that even if the data is intercepted, it remains unreadable to anyone without the correct decryption keys.

The importance of HTTPS cannot be overstated, especially in today’s digital landscape where cyber threats and data breaches are rampant. HTTPS provides a secure connection between your browser and the web server, protecting sensitive information such as passwords, credit card numbers, and personal data from prying eyes. This secure connection not only safeguards your data but also builds trust with your website visitors, assuring them that their information is safe.

Explore the fundamental differences of HTTP vs. HTTPS and why it matters for your website’s security.

Delve into why securing your website is crucial in today’s digital landscape.

Google is making Secure Site the new norm.

Nowadays, any site not encrypted with HTTPS will have a red warning sign with “Not Secure” next to it. And in some cases, your site may be blocked entirely for anyone who uses Google Chrome. A few years ago, Google was gently nudging everyone to make the switch. Nowadays, it’s a hard-lined approach. Google is essentially saying, “get secure, or get off the web”. HTTP Strict Transport Security (HSTS) helps maintain secure connections by forcing browsers to connect only to the HTTPS site.

Danger, Will Robinson!!

October 2018 marked the Google Chrome 70 update. Unsecured HTTP sites now display in red with a warning sign in the address bar. In some cases, they are blocked entirely.

SSL Certificates and Encryption

SSL certificates are a cornerstone of website security, playing a crucial role in establishing secure connections over the internet. An SSL certificate is a digital certificate that authenticates the identity of a website and encrypts data transmitted between the client and the server.

Here’s how SSL certificates work:

• A website owner purchases an SSL certificate from a trusted Certificate Authority (CA).
• The CA verifies the website’s identity and issues an SSL certificate.
• The SSL certificate is then installed on the website’s server.
• When a client (such as a web browser) connects to the website, the server presents the SSL certificate to the client.
• The client verifies the SSL certificate and establishes a secure connection with the server.
• Data transmitted between the client and server is encrypted using SSL or TLS protocols.

This encryption process ensures that sensitive information, such as passwords, credit card numbers, and personal data, is protected from being intercepted or accessed by unauthorized parties. SSL certificates not only secure data but also enhance your website’s credibility. When web users see the padlock icon or the “https” prefix in the address bar, they know they are on a secure site, which builds trust and confidence.

In conclusion, understanding HTTP and HTTPS, the importance of website security, and the role of SSL certificates and encryption are essential for ensuring that your website is secure and protected. By implementing these security measures, you can protect sensitive information, build trust and credibility with your audience, and prevent data breaches.

Say hello to a Really Simple solution to enable HTTPS.

All that said, this was not doomsday. Why? Because despite what may seem like a headache, is actually pretty easy to fix if you’re using WordPress. First and foremost, you’ll need an SSL certificate. Acquiring one can be either straightforward or a more involved process, depending on your website’s host. In fact, many hosting sites nowadays already include SSL with their service. It is crucial to ensure that your site has a valid certificate to enhance security, especially when accessing websites over insecure networks. If you created a website after 2020, you probably won’t have to worry about this. If you still haven’t caught up — no worries. Here are a few easy steps to take.

Three Really Simple steps:

Obtain an SSL certificate. SSL certificates are issued by Certificate Authorities (CAs), which verify the identity of websites. (Let’s Encrypt has you covered for free.) Download and install the Really Simple SSL plugin if you are using WordPress as your CMS. It takes your website to HTTPS in just one click.

A few last steps to complete the change include updating your sitemap, webmaster tools, CDN, analytics and social share accounts with your updated URL. If you’re already familiar with WordPress, then this is no problem. If not, don’t worry — because Mighty Fine is here to help.  We offer a quick and inexpensive fix for WordPress users. Contact us today, and we’d be more than happy to discuss how we can assist you with it.