As of July 2018, all HTTP websites will be marked as “not secure” by Google’s Chrome web browser meaning it’s essential you understand how this change affects your site, and how to secure your RapidWeaver website with HTTPS.
I've written about HTTPS previously, and how Google has been pushing towards a more secure web for several years now. However, starting in July 2018 all HTTP sites will be marked as “not secure” — no matter if your site collects usernames, passwords, or has a form on it — every HTTP site will have the “not secure” warning displayed to the user. You should act now and add HTTPS to your site before the release of Chrome 68 in a few months.
For the past several years, we’ve moved toward a more secure web by strongly advocating that sites adopt HTTPS encryption. And within the last year, we’ve also helped users understand that HTTP sites are not secure by gradually marking a larger subset of HTTP pages as “not secure”. Beginning in July 2018 with the release of Chrome 68, Chrome will mark all HTTP sites as “not secure”.
How to add HTTPS to RapidWeaver
Adding HTTPS to your RapidWeaver site is easier than you might think. Most modern hosting companies will either enable HTTPS by default or give you an easy way to add it via the admin panel for your domain. As there are so many hosts out there, I'd recommend contacting your host for details about their HTTPS support.
However, for most sites, I recommend using CloudFlare as it's quick and easy to install, and gives you a whole host of other features (such as DDOS protection and a CDN). I've written about how to add CloudFlare to your RapidWeaver site previously, but I thought I’d do a quick video explaining how it all works.
If you don't want to use CloudFlare, then your hosting company should offer you an easy way to install and manage an SSL certificate. Doing so will be more work than using CloudFlare, as you'll need to ensure the certificate is correctly installed and renewed yearly.
Managing an SSL certificate does, however, give you “full SSL” — this means that the connection to your server is encrypted, whereas the “flexible SSL” option with CloudFlare means the connection to CloudFlare is secure but isn't between CloudFlare and your server. This isn't something you’ll likely need to worry about and is the reason I suggest you use CloudFlare, but if you want to learn more you can read about the different SSL options with CloudFlare and your server.
Watch of the video above and your site will available over HTTPS in just a few minutes, removing the “not secure” warning that’s coming in Chrome. Happy Weaving!