Google announced any web page served over HTTP and not HTTPS will be marked as not secure by Chrome starting in July 2018. This is no joke, even static HTML pages that collect zero form data or ask for any information from you will be marked as not secure because they are not over HTTPS.
Obviously, we all expected this would come but it is now really coming. It obviously only impacts your users using Chrome. You won’t be penalized for not being HTTPS in Google’s search results. But if someone is using Chrome and comes to your web page and it is on HTTP Google Chrome will mark it as not secure.
Here is what is changing in the browser bar:
For individual sites, it might be a pain but for someone who runs a platform of sites where the HTML is managed by the user directly, it is a bit more of a pain.
In any event, this doesn’t upset me – as it might upset other webmasters. I do have over 700 synagogue web sites to make HTTPS by default without serving mixed content. So it should be fun but ultimately we are cool with it. We already moved all login forms and data and admin areas to HTTPS, so this last step will be a challenge because it is user/admin controlled content but it will be doable.
Forum discussion at WebmasterWorld.