Google began sending out warnings to many website owners for collecting passwords on sites that are unsecured. The warnings are related to Google Chrome’s upcoming change that will show some types of non-https webpages as being not secure beginning this month.
Many webmasters reported receiving the emails, Glenn Gabe shared one he received:
Google also posted about the upcoming change to Google+.
From the end of January with Chrome 56, Chrome will mark HTTP sites that collect passwords or credit cards as non-secure. Enabling HTTPS on your whole site is important, but if your site collects passwords, payment info, or any other personal information, it’s critical to use HTTPS. Without HTTPS, bad actors can steal this confidential data. #NoHacked
If any of your webpages accepts passwords or credit card information over an unsecured connection, this new warning will impact your site.
This will also affect any sites that require users to register and/or sign in to leave comments on blogs. Many WordPress blogs, for example, have this functionality turned on, with a password field displayed below every post. These pages will also begin showing these not secure errors when the Chrome update happens.
For those requiring login for comments, you could redirect users to a noindexed page to login first, although this could result in some users not leaving comments, since it adds an additional step in order to leave a comment.
