How many sites do you have? It should not take that long to either remove the search box or switch to https on all of them.

I guess we knew something like this was coming:

posted in April in the Google Chrome Browser forum at WebmasterWorld...

Beginning in October 2017, Chrome will show the “Not secure” warning in two additional situations: when users enter data on an HTTP page, and on all HTTP pages visited in Incognito mode.

more HTTP warnings in Chrome:
https://www.webmasterworld.com/google_chrome/4846699.htm [webmasterworld.com]

These warnings will only get more severe going forward until (IMO) eventually there's a huge red X across http pages saying WARNING!

It's also likely http pages will eventually be purged from the SERP.

I agree with keyplyr in that there's a move to force https on the web at large. g is in the cat bird's seat with a major share of browsers to make this happen.

Currently one can get a minimal https certificate for free from LetsEncrypt (though my host says it will cost me $116/yr through their services though if I want to do the LetsEncrypt option that's okay by them, I just have to do it myself) and I suspect that the freebies will dry up once a tipping point (my guess is 70% of all sites, not necessarily global, 70% of those that have TRAFFIC) are switched over to either free or paid certificates and THEN the hammer will fall with required HTTPS.

Not conspiracy theory or end of world commentary, merely an understanding of past history for new tech (go back to the original printing press in the 1400s for an early example of do it free to increase demand/market, or Bell Telephone doing it free from 1880-1891 at general stores and post offices to gin up potential customers, or google free ads for publishers in recent mix). Eventually the average site cost will be host, dns registry, AND security certificate. Base cost for small sites will jump about $100-$300.

We all should do this because a secure web is a better web and a chit-load of current spam will disappear. This is a necessary step, just know it will eventually COST operations, and for most businesses that is a write off at tax time, something to pass along to the customer.

Just be aware that the freebies now AREN'T free. Somewhere down the line you will pay (add echo here: and pay and pay and pay).

TANSTAAFL. The gift horse of free HTTPS certs is a Trojan Horse and we all know how that worked out :)

Chrome is catching up to FF which has been doing this for months. I suspect all the major browsers, and minors, too, will follow suit.

So those of us who haven't switched yet have to decide whether to do this now or wait until the end of the year. Guessing most sites (big ones, especially) won't want to make this change until after Christmas season.

@Musicarl - why wait? It's not much work. You can install the cert, turn on the HTTP at the server, then have your site accessible from both protocols (HTTP & HTTPS) while you take your time and check all the links. Then when you think you've fixed all the unsecure links, install the 301 redirect to HTTPS and do a quick check to make sure everything is working as intended.



- Generic Steps to Switch from HTTP to HTTPS -


• Read all info at your host concerning certificates & switching to HTTPS and when applicable, follow those instructions.

• Install security certificate.

• Have you host enable HTTPS (if needed.) This will enable access from both HTTP & HTTPS.

• Go through site, page by page & make sure all file paths are relative (no protocol.) Test by accessing site using HTTPS and look for any browser alerts.

• Install 301 code in .htaccess file

RewriteEngine On
RewriteCond %{HTTPS} !=on
RewriteRule ^ https://%{HTTP_HOST}%{REQUEST_URI} [L,R=301]

Note: your server may require a different code

• Go through site again, page by page, and test. Any remote absolute links will need to be HTTPS including those found in scripts & pluggins. If you publish Adsence or other advertising, links in these scripts need to be HTTPS also (or just remove the protocol altogether.)

• Update sitemap.xml (if applicable) and submit to appropriate agencies (Google, Bing, Yandex, etc)

• In Google Search Council create a new site using HTTPS (do not use the Change of Address form.) It will take a few days to start populating information. This is normal & traffic to old site (HTTP) will drop off accordingly.

• Bing Webmaster Tools, Yandex & others should update automatically once they crawl your new pages. Updating/re-submitting sitemap.xml should speed up this process.

@Musicarl - why wait? It's not much work. You can install the cert, turn on the HTTP at the server, then have your site accessible from both protocols (HTTP & HTTPS) while you take your time and check all the links. Then when you think you've fixed all the unsecure links, install the 301 redirect to HTTPS and do a quick check to make sure everything is working as intended.

Excellent question, and your guide is most helpful. Here are three reasons we're waiting:

1) This site has been online for about 18 years, so there are a lot of moving parts. Would rather have something go wrong in January than in October.

2) We're going to change our link structures at the same time. We're still using URLs like http://example.com/index.php?id=33

This is something we've been meaning to change, so instead of first changing to
https://example.com/index.php?id=33 and then to https://example.com/something/something-else
We'll do it all at once. Lots of testing required.

3) It pains me to lose our Facebook likes. Some of our beloved stories have thousands, and the counters will reset to zero.

Sorry to drag this up again - but:

It's October - Chrome 62 has arrived - and I'm not seeing any security warnings on http pages, in incognito mode or otherwise.

Anyone else getting security warnings?

Yes the warning are being shown. See the discussion at the end of this thread on the topic.
[webmasterworld.com...]