
Google has announced that it will begin blocking web pages with mixed content in its Chrome web browser starting December of this year. Considering that Chrome is used by more than half of all internet users, this could be a major issue that you may not even know is lurking on your site.

What is Mixed Content?

Mixed content occurs when a secure webpage served over HTTPS includes scripts, styles, images, or other content that is delivered over the less secure HTTP protocol.

Even linking to sites still using HTTP can be seen as delivering mixed content on your site.

As Google explains:

“Mixed content degrades the security and user experience of your HTTPS site … Using these resources, an attacker can often take complete control over the page, not just the compromised resource.”

How Google Chrome Will Handle Mixed Content

When the next update for Chrome is released in December, Google will begin doing one of two things when it encounters sites with mixed content:

  1. If an HTTPS version of that resource exists, Google will automatically upgrade that content to the newer secure version.
  2. When no such resource exists, Google will soft block the page. This will include a warning about the security risks of mixed content and an option to access the page despite the risk.

The warning screen may not deter all of your potential customers, but it can disrupt a significant chunk of your traffic, leads, and sales.

Beginning in January of 2020, Google will start taking an even stronger stance by removing the unblock option and completely blocking webpages with insecure content.

How To Check Your Site for Mixed Content

Depending on the size of your site and what platform it is built on, there are a number of free and paid options for scanning your site for mixed content.

JitBit SSL Checker

JitBit SSL Checker is a free online tool that can review up to 400 pages of your site for mixed content.

WordPress Tools

If your site is built on WordPress, you can use the Really Simple SSL Plugin to migrate your content to SSL while also checking for and fixing mixed content.

For those who have already migrated their site to SSL, there is also the SSL Insecure Content Fixer WordPress Plugin. This can scan your site for insecure resources while providing suggestions for fixing these problems.

Tools for Large Sites

Websites with a large number of pages will likely have to use paid tools to check their site. One option is Screaming Frog, which can crawl massive sites and provide insights into a wide variety of issues. One drawback, however, is that while it can pinpoint potential problems on your site, it cannot directly assist you in fixing them.
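A single page can also be checked directly from its HTML source. The following is an added example, not code from the original post or from any of the tools it names: a Python scanner that lists the scripts, styles, images, and other resources an HTTPS page would request over plain HTTP. The sample HTML and the names `MixedContentFinder`, `find_mixed_content`, `FETCHING`, and `LINK_RELS` are constructed for illustration.

```python
from html.parser import HTMLParser

# (tag, attribute) pairs that make the browser fetch a subresource.
FETCHING = {("script", "src"), ("img", "src"), ("iframe", "src"),
            ("audio", "src"), ("video", "src"), ("source", "src"),
            ("embed", "src"), ("object", "data")}
LINK_RELS = {"stylesheet", "icon", "preload"}  # <link> rel values that fetch

class MixedContentFinder(HTMLParser):
    """Collect resources an HTTPS page would request over plain HTTP."""
    def __init__(self):
        super().__init__()
        self.findings = []  # (line, tag, attribute, url)

    def _check(self, tag, attr, url):
        # Relative and //host/x URLs inherit HTTPS; only absolute http:// counts.
        url = url.strip()
        if url.lower().startswith("http://"):
            self.findings.append((self.getpos()[0], tag, attr, url))

    def handle_starttag(self, tag, attrs):
        a = {k: v or "" for k, v in attrs}
        for name, value in a.items():
            if (tag, name) in FETCHING:
                self._check(tag, name, value)
            elif name == "srcset" and tag in ("img", "source"):
                # srcset is a comma-separated list of "url descriptor" entries
                for entry in filter(str.strip, value.split(",")):
                    self._check(tag, name, entry.split()[0])
        # rel="canonical" and similar <link> tags are not fetched.
        if tag == "link" and LINK_RELS & set(a.get("rel", "").lower().split()):
            self._check(tag, "href", a.get("href", ""))

def find_mixed_content(html):
    finder = MixedContentFinder()
    finder.feed(html)
    finder.close()
    return finder.findings

# Constructed sample, assumed to be served from an HTTPS page.
SAMPLE = """<html><head>
<link rel="canonical" href="http://example.com/">
<link rel="stylesheet" href="http://cdn.example.net/site.css">
<script src="//cdn.example.net/app.js"></script></head><body>
<img src="/logo.png" srcset="http://img.example.net/a.png 1x, https://img.example.net/b.png 2x">
<script src="HTTP://ads.example.org/t.js"></script></body></html>"""

if __name__ == "__main__":
    for line, tag, attr, url in find_mixed_content(SAMPLE):
        print(f"line {line}: <{tag} {attr}> loads {url}")
```

Each reported URL is a candidate for switching to `https://` once you have confirmed the host serves the same resource securely.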

As part of its #NoHacked campaign to raise awareness and prevent site hacking, Google released its latest annual review of hacked sites this week. As the data shows, site hacks will continue to be a major issue for webmasters for the foreseeable future.

From 2015 to 2016, the number of hacked sites grew by 32%. According to Google, hackers are becoming more aggressive but many webmasters are also letting down their guards. Instead of proactively keeping their site and security up to date, a significant number of webmasters are letting their sites become vulnerable and outdated. These sites are easy targets for hackers.

While the number of sites getting hacked is on the rise, Google is willing to show forgiveness to those affected. The company says it approved 84% of reconsideration requests from webmasters who have cleaned up their site from any hacking. However, Google also says it was unable to inform over half (61%) of affected site owners because their sites were not verified in Search Console.

What To Do If Your Site Has Been Hacked

In addition to the report, Google has also released several new documents aimed at educating webmasters about what to do if your site gets hacked and how to protect yourself.

These new help documents recently released by Google include:

The company has also released help documents focused on specific types of common site hacks, such as Gibberish Hacks, Japanese Keyword Hacks, and Cloaked Keywords Hacks.

How To Prevent Site Hacks

As always, an ounce of prevention is worth a pound of cure. Google’s top recommendation for facing the epidemic of site hacking is to avoid letting it happen in the first place. Specifically, they suggest keeping all software and plug-ins on your site up to date and keeping an eye on any announcements from your Content Management System (CMS) provider.

Also, be sure your site is verified in Search Console so Google can notify you in the event your website does get hacked.