Why we’re using https and why you should too.
Last updated on
As a web development company, it’s our job to stay up on best practices and new technologies. For the past 9 months, we’ve been closely tracking the way the winds have been blowing when it comes to securing a website. Below, we explain what https means, why it’s important, and why your website needs to have it.
What is https?
HTTPS stands for Hyper Text Transfer Protocol Secure. When you access a website via a web browser such as Chrome, Edge, Firefox, Safari, etc., data is sent between your browser and the website that you are connected to. HTTP is the regular protocol used to send this data. The “s” tagged onto it, means that the data being sent is secured. To get that “s” on the URL requires SSL – Secure Sockets Layer. Comodo, one of the major issuers of SSL Certificates states that SSL is a “…standard security protocol for establishing encrypted links between a web server and a browser in an online communication. The usage of SSL technology ensures that all data transmitted between the web server and browser remains encrypted.”.
When you purchase an SSL certificate, you provide all the details of your website and company and basically verify you are who you say you are. Without getting into details on purchasing and installing, once the SSL certificate is set up on your web hosting server, it enables that https secure connection between the web server and the browser that connects to it.
Why https is important.
For ecommerce, https has always been a requirement. The SSL Certificate encrypts data such as credit card information when it is passed from the website browser. However, the encryption also works for personal information, passwords, and any other sensitive data which may be entered into your website by a visitor. This level of security keeps nefarious parties from intercepting that data and doing bad things with it. Ergo, https is pretty important on the internet.
There are other benefits to having https on your website URL. Google Developer’s TL;DR version is this:
- Intruders both malignant and benign exploit every unprotected resource between your websites and users.
- Many intruders look at aggregate behaviors to identify your users.
- HTTPS doesn’t just block misuse of your website. It’s also a requirement for many cutting-edge features and an enabling technology for app-like capabilities such as service workers.
Besides, that “little green lock” is really becoming a visual queue of trust. It lets users know a site is secure right off the bat.
Why your website needs to have https.
For ecommerce websites, https has always been mandatory in our book, but now, it’s becoming mandatory for all sites we build.
As early as 2014 (source) search engine giant, Google, has been advocating for https to be used on websites. The buzz in the search engine optimization (SEO) community is that https has become a new ranking factor for sites. Basically, Google is taking this pretty seriously.
Back in December of 2016, WordPress, the content management system which currently powers about 27% of the sites on the internet, announced they’re on board and moving towards https. The platform’s founder stated, that they’re going to “assess which features, such as API authentication, would benefit the most from SSL and make them only enabled when SSL is there.”
On the web of 2017 and beyond, if your website isn’t secure, it may hurt you. So there you have it.
Ready to get https on your website now?
You can always get a certificate through a third party provider such as DigiCert, or you can usually purchase one through your web host and have them assist with setting it up. Then, depending how your website is programmed, you may have to take additional steps to ensure it actually is secure. Many times we’ve seen a site with https in the URL, but the graphic next to it is not a green lock but one of the following:
In this case, it can be tricky to determine exactly why the site isn’t secure (pro tip: it’s often because elements of the site such as images or scripts are still coming through on http). You can try to troubleshoot by using developer tools on your web browser and then going through your website files to correct those.
If you have a WordPress site, you can utilize a pair of plugins to do it the easy way: Really Simple SSL and Insecure Content Fixer. One word of advice, if you happened to turn a plugin like Insecure Content Fixer off, your site will probably go back to being insecure. There is a more elaborate and hands-on way to ensure a WordPress site is totally secured with https, but definitely more geared towards advanced users and web developers.
If you need assistance making sure your site is secure, we can help! Just get in contact.
Learn More About:
... OR JUST HAVE SOME FUN