
Web security: Why your site should be using HTTPS

HTTPS is the secure version of HTTP. The S stands for ‘Secure’. Not only does it mean that the data sent between your website and the user’s browser is encrypted, it also means a safe future for the web for everyone.

What is HTTPS?

Imagine sitting in a café with your bank statement on the table, and trying to have a conversation on the phone with your bank manager. With lots of prying eyes and ears around, it’s possible some of your private information may be seen or heard by other people. Wouldn’t you rather sit in a private room to make that call? HTTPS acts like that secure room to protect your personal information.

HTTPS (Hyper Text Transfer Protocol Secure) utilises TLS (previously SSL, and in fact often still referred to as SSL) certificates to establish a uniquely secure connection between a user’s browser and a website, safeguarding all data sent back and forth between the two from any attackers. It protects the identity of users and the integrity of your site, so data cannot be modified, and ensures confidentiality, meaning hackers cannot read your data.

HTTPS is displayed before the URL in your address bar alongside a little padlock. When an Extended Validation (EV SSL) Certificate is installed on a website, the address bar will turn green. This is a higher class of SSL, used by many high profile websites requiring an additional level of security, such as banks.

What are the benefits of HTTPS?

Data sent over standard HTTP connections is in ‘plain text’ rather than being encrypted. This means it can be read by hackers if they can intercept the connection between the browser and your website. If the data contains credit card details or passwords, hackers can use this information to commit fraud and steal money.

By using an HTTPS connection:
– Sensitive customer information, including credit card details, usernames, private messages, medical documents etc., is encrypted, so it cannot be read if it is intercepted
– Customers are more likely to trust and complete purchases from sites that use HTTPS

My website doesn’t handle security sensitive content, why do I need HTTPS?

Website integrity
Even if your website doesn’t handle transactions or login details, it can still be subjected to misuse by intruders: both malicious attackers and legitimate companies, such as ISPs or Wi-Fi providers, who may inject ads onto your site. These can trick users into downloading and installing malware on their computers, or simply disrupt the user experience of your site, for which you, as the site owner, will be held responsible.


From Jan 2017 Chrome will start marking all HTTP pages that collect sensitive information as non-secure

Features and capabilities
HTTPS is now a requirement for many powerful features such as geolocation and push notifications, with further capabilities being withdrawn from HTTP sites by various browsers as time goes on. In addition, the next version of HTTP, HTTP/2, is now supported by many browsers including Chrome & Firefox, but only over HTTPS. So if you want to use HTTP/2 (which offers performance optimisation), you have to use HTTPS.

Google is leading the way in its drive to secure the web, with its own browser Chrome often being the first to restrict the functionality available to non-secure HTTP sites. From January 2017, Chrome will go one step further and start marking all HTTP pages that collect passwords and credit card information as non-secure. Ultimately Chrome plans to label all HTTP pages as non-secure.

I’m worried it’s going to cost me a lot of money and might slow my site down

You can buy SSL certificates from as little as $4.99 from https://www.ssls.com/. You can even get free certificates from https://letsencrypt.org/. So cost really shouldn’t be an issue. You do however need to spend some time configuring your servers and mapping all URLs across your site.

It’s likely that you will see some fluctuations in traffic and rankings whilst the search engines establish that you are no longer on HTTP but HTTPS. However, if you follow best practice and serve 301 redirects, any negative impact should be minimised. Namecheap’s guide offers a number of tips.
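One way to check the 301 redirects described above once the migration is live (an added example, not code from the original post). The host example.test, the sample responses and the function names are assumptions constructed for illustration; 308 is accepted alongside 301 as a permanent redirect.

```python
import http.client
from urllib.parse import urlsplit, urljoin

PERMANENT = {301, 308}  # 308 is the method-preserving permanent redirect
REDIRECTS = PERMANENT | {302, 303, 307}

def fetch_hop(url, timeout=10):
    """Live lookup: HEAD one URL without following redirects."""
    parts = urlsplit(url)
    cls = (http.client.HTTPSConnection if parts.scheme == "https"
           else http.client.HTTPConnection)
    conn = cls(parts.netloc, timeout=timeout)
    try:
        target = (parts.path or "/") + ("?" + parts.query if parts.query else "")
        conn.request("HEAD", target)
        resp = conn.getresponse()
        return resp.status, resp.getheader("Location")
    finally:
        conn.close()

def audit_redirect(url, fetch=fetch_hop, max_hops=5):
    """Return the problems found in how an http:// URL reaches HTTPS."""
    src, current, problems = urlsplit(url), url, []
    for hop in range(1, max_hops + 1):
        status, location = fetch(current)
        if status not in REDIRECTS or not location:
            break  # reached a page that no longer redirects
        if status not in PERMANENT:
            problems.append(f"hop {hop}: temporary redirect ({status}), not 301")
        current = urljoin(current, location)  # Location may be relative
    else:
        problems.append(f"still redirecting after {max_hops} hops")
    final = urlsplit(current)
    if final.scheme != "https":
        problems.append("final URL is not HTTPS")
    elif (final.path or "/", final.query) != (src.path or "/", src.query):
        problems.append(f"path not preserved, ends at {current}")
    return problems

# Constructed sample responses (URL -> (status, Location)) so the audit runs offline.
SAMPLE = {
    "http://example.test/": (301, "https://example.test/"),
    "https://example.test/": (200, None),
    "http://example.test/shop?id=7": (302, "https://example.test/shop?id=7"),
    "https://example.test/shop?id=7": (200, None),
    "http://example.test/about": (301, "https://example.test/"),
    "http://example.test/contact": (200, None),
}
```

Calling `audit_redirect(url, SAMPLE.get)` runs against the constructed responses; leaving out the second argument performs live HEAD requests against your own site's URL list.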

Got any questions or need any help?

Get in touch with one of our web experts for a chat on 01227 490220 or email solutions@interactive.red
