Nonsecure Collection of Passwords will trigger warnings in Chrome 56

Hi there.

I received this warning email below with the heading: 'Nonsecure Collection of Passwords will trigger warnings in Chrome 56 "

I do not collect passwords, I do not use any eCommerce on this site. I only have a login from on the home page. Could this be the cause of this error?

Here the email received:

Nonsecure Collection of Passwords will trigger warnings in Chrome 56 for http://kusfrontnuus.co.za/
To: owner of http://kusfrontnuus.co.za/
Beginning in January 2017, Chrome (version 56 and later) will mark pages that collect passwords or credit card details as “Not Secure” unless the pages are served over HTTPS.
The following URLs include input fields for passwords or credit card details that will trigger the new Chrome warning. Review these examples to see where these warnings will appear, and so you can take action to help protect users’ data. The list is not exhaustive.
http://kusfrontnuus.co.za/newsletter/sms-skryf/
The new warning is the first stage of a long-term plan to mark all pages served over the non-encrypted HTTP protocol as “Not Secure”.

  • Sajid

    Hello Ez,
    Hope you are doing good today :slight_smile:

    You are getting this warning because you have password fields on your website more than once, almost on all the pages (at-least those I viewed).

    Google warning does not necessary related to all sites collecting payment information like credit cards. It also states that if you are using password fields, then your users using Chrome 56 will get non-secure warning.

    If you don't have user registration enabled on your site then remove login form that contains password field from front-end pages of your website by limiting the login on your website from wp-login.php file. You can also go one step ahead and hide your wp-login.php url too and use a mapped/encrypted link to login too (most plugin like iThemes Security plugin provide this feature).

    But as you know the warning is for not using HTTPS on your site. So you can completely overcome this by migrating from HTTP to HTTPS. This is free these days and you can get unlimited (fair usage policy) SSL certifications from letsencrypt.org.

    You can also try the google chrome canary (beta version) to see this in action and analyze the consequences.

    Take care and have a nice day :slight_smile:

    Best Regards,
    Sajid - WPMU DEV Support

Thank NAME, for their help.

Let NAME know exactly why they deserved these points.

Gift a custom amount of points.