It’s time to talk about your website security and the many advantages that come with providing your visitors a secure, encrypted browsing experience.
As of February 2017, Google is leading the charge to encourage website owners to serve their content over a secure connection, HTTPS. If your website collects sensitive visitor information such as passwords, credit card information, or even personal data, then Google’s browser Chrome is marking sites without HTTPS as ‘Not secure’ in the address bar.
Whilst at present this is quite an unobtrusive marking, this change is just the first step in Google’s quest for a more secure web. In the future, Chrome will label all HTTP pages with a red triangle to draw further attention to the insecure nature of the connection.
What is HTTPS you ask? HTTP (HyperText Transfer Protocol) and HTTPS (HyperText Transfer Protocol Secure) are both protocols, or languages, for passing information between website servers and clients (i.e a web browser). All you need to know is that HTTPS is a secure connection, whereas HTTP is insecure.
A website served over HTTPS encrypts your visitor’s data and provides integrity so that no unauthorised parties (i.e hackers) can modify or read what’s being sent and received, it also provides authentication to ensure communication only with the intended website.
Why should you switch your website to HTTPS? In an era where concerns about information security are rising and the need to protect personal data becomes paramount, these new in-browser security indications will allow users to make an informed decision about which sites to trust with sensitive information. This may be the difference between a visitor making a purchase or simply interacting with you at all.
HTTPS sites also load significantly faster and offer huge performance improvements in other areas. If you currently have website hosting with Mizzinc, your account is already capable of providing data transfer over HTTP/2 which is entirely another topic in itself, however, it needs HTTPS to take advantage of this.
Still not convinced? Google flat-out said they would start giving preference to sites using the HTTPS protocol. Encrypted sites will earn a slight boost in SEO rankings over their insecure counterparts. Google may even penalise HTTP sites.
Thanks to a number of major sponsors, such as Cisco, Mozilla, Facebook, Siteground and of course Google, a business called Let’s Encrypt ‘gives people the digital certificates they need in order to enable HTTPS (SSL/TLS) for websites, for free’. In the past, HTTPS (SSL/TLS) certificates would cost hundreds of dollars per year to own, so it’s fantastic to see a joint effort to benefit the community, beyond the control of any one organisation.
However, it’s not quite plug and play just yet for existing websites and you will need to talk to your website developer to migrate your website over to the HTTPS connection. The migration will also allow for other server improvements to be rolled out too.
It’s all in an effort to provide a much more pleasant and safer experience for everyone. If we all do our part, not only will you hopefully see a positive result for your own website but you’re helping a community to bring new powerful web platform features to light too.