News

Google imposes HTTPS as the new standard for MemberGate and all subscription sites as we move to a more secure web

HTTPS HyperText Transfer Protocol over SSL (Secure Socket Layer)

HTTPSIn January 2017 online payment security is to get another boost as Google Chrome begins to enforce HTTPS as standard

In the first instance it will be a requirement of all payment and login pages

This will help people know they are safe to enter their credit card details on subscription pages and membership forms

start quoteTo help users browse the web safely, Chrome indicates connection security with an icon in the address bar. Historically, Chrome has not explicitly labelled HTTP connections as non-secure. Beginning in January 2017 (Chrome 56), we'll mark HTTP pages that collect passwords or credit cards as non-secure, as part of a long-term plan to mark all HTTP sites as non-secure.end quote

Currently, users are encouraged to look out for the padlock on a cart checkout page, so they know that their credit card details are being transmitted securely.

From January, Google Chrome will begin showing a message that the page is not secure, if it does not see the HTTPS

MemberGate has been securing subscription forms with HTTPS since the launch of the program in June 2000, and has continued to adapt as security protocols changed, which included securing the login pages.

While this change only impacts pages where card details are entered, and login pages from January, Google intends to push through the changes for ALL pages over a period of time.

That means that any page on a site that is not server using HTTPS would be marked as Not Secure.

It is also widely expected that the other major browsers, Firefox, Internet Explorer, Edge and Safari will follow suit in the near future, so that eventually all websites will be served using HTTPS

One further impact of this change that we expect to see once the full roll-out of HTTPS is completed, is how Google handles the indexing of websites.

Similarly to when they rolled out the new indexing options for Mobile Compatibility, where results for non-Mobile-Friendly pages were removed from the search results on mobile devices, we fully expect Google to remove from the index any page that is not delivered securely.

If that were to happen, any site that wasn't served over HTTPS would be removed from search results overnight, which would seriously impact traffic hitting your site.

In terms of your MemberGate site, as long as you are running MemberGate Infinity, and have an SSL certificate installed on your site, all of your subscription forms and login pages should be secure, meaning you will comply with the new regulations.

If you don't have an SSL certificate installed on your site, you can purchase an SSL certificate.

Moving forward, we are already working towards compliance for site-wide SSL ahead of the Google roll-out, and will be looking to roll out that update once it is completed.

Google Security Blog