With fraudulent Internet activity on the rise, many business owners are taking a good look at their website’s security. Should you run your website securely under HTTPS which offers an additional layer of security or should you stick with the standard HTTP web transfer protocol?
These days, we highly recommend all websites run under HTTPS even if they are simple and do not collect private information or process financial transactions. HTTPS is quickly becoming the standard so you might as well get ahead of the game and migrate if you haven’t already. Looking at the recent Google notices, we are quite certain HTTPS will be the norm before we know it.
What is HTTPS and Why Do You Need It?
HTTPS is a secure version of the HTTP protocol used to access websites and transfer information on the Internet. It creates a secure connection and encrypts the data sent between a user’s browser and your website. Encryption protects the confidentiality of digital data transmitted on the web and ensures information in transit is protected from attackers. HTTPS also tells your browser to display an icon to your website visitors indicating the site is secure. This is typically in the form of a green padlock in front of the web address.
HTTPS secures and encrypts your private information.
No Reason to Wait
It’s not expensive. SSL certificate prices are down and are also discounted for longer term certificates. There are even free alternatives available.
It’s not difficult to setup. There are alot of steps involved but a qualified developer will know exactly what to do.
It does not slow site performance. Some people think running HTTPS will slow a website down. With advancements in certificate technology (SSL being succeeded by TLS), this couldn’t be further from the truth. In fact HTTP vs HTTPS tests show sites load faster over HTTPS.
Running your site over HTTPS has benefits beyond just encrypting and securing website data.
So, with all these benefits, you should plan to migrate to HTTPS now.
Google’s Warning – Full HTTPS and Mixed-Content
In August 2017, Google sent notifications to site owners via Search Console regarding HTTPS. Google will begin marking non-HTTPS pages that contain text input fields, for example contact forms and search bars, as “NOT SECURE” in Chrome 62 starting in October 2017. Google and other large web services want sites to execute fully under HTTPS. In other words, you are being encouraged to run ALL of your pages and content, not just some of it, over HTTPS. If you choose not to, browsers will alert your users.
Some browsers including Chrome are beginning to “warn” users they may be at risk and will display a site as grayed out in the browser bar if not fully secure. Secure sites will display a green padlock next to your web address.
So alarms are about to go off if your site isn’t HTTPS and it could impact your ranking on Google!
Contact us if you have questions about moving your site to HTTPS.
Further Reading and Resources