Making Your Website Secure with HTTPS

By: Caitlin Barbin and Oren Baum

Google has been pushing for secure sites and if you haven't done so already, now is the time to switch. If you've noticed the Chrome address bar, it displays whether the site you are on is "secure" or "not secure." This started with Chrome's July 2018 update, and coming this September and October 2018, Google will remove the "secure" marking for sites that are encrypted with HTTPS. Instead, non-secure sites will be marked with "not secure" and this marking will turn red when users enter information such as an email or password.

This is an evolution in the practice of whether or not we need to consider a website secure or not. Encryption is used to avoid eavesdropping by any parties between the web browser and servers handling the information. In ‘the old days’, it was practice that only sites that dealt with secure information or e-commerce needed to be encrypted. Previously, such a label was reserved for websites that, for example, had their encryption certificate expire, or not match the domain a user visited.For many reasons, most of them considered positive, best practices have been moving in the direction that all websites should be secured with encryption. In order to help nudge that mindset in the right direction, Google, through its chrome browser, started labeling sites without encryption as 'insecure'. Google also modified their search ranking algorithm, to give preference to sites that are encrypted over those that are not. Together these and other 'carrot and stick' initiatives help move the bar of what is considered a safe, optimized, and protected website.

HTTP and HTTPS Explained

HTTP stands for HyperText Transfer Protocol and it moves information in plain text between your browser and the web server. Anyone who intercepts this transfer of information can read the plain text, making it insecure. It’s important to keep sensitive data such as passwords and credit cards on websites. HyperText Transfer Protocol Secure (HTTPS) was introduced where an encryption protocol called Secure Socket Layer (SSL) was combined with HTTP, making sites secure. However HTTPS does not protect you from everything such as hacks or hiding your identity — it just makes transferring data safer.

Why HTTPS is Important

More sites have been migrating to HTTPS when Google announced the "secure" and "not secure" markings. From 2014-2017, 31.5% of the top 100,000 domains moved to HTTPS. We can expect more sites to move to HTTPS as Google implements additional changes to emphasize security. There are a few benefits to changing your site to HTTPS:
  1. Gain a Users' Trust

  2. HTTP sites are currently marked as "not secure" in Chrome and that will shortly be changed to red with a warning sign. This may discourage users from browsing or entering information on your site, regardless of the sensitivity of any information requested or the brochure nature of most websites. It’s crucial to give a good impression to first time visitors and not lose potential customers/users to a security warning.
  3. Increase Your Site's Ranking

  4. Google has been seeing a positive reaction to security with more people moving to HTTPS. As an incentive, they are ranking HTTPS sites as higher than those without it. It’s a small boost for now, but Google may increase its effect in the future. This benefit can contribute to your site’s overall ranking in future.
  5. Improved Security for Users

  6. Again, HTTPS helps with keeping your information secure and Google and others want everyone to have a safe experience on the web. When users browse on your secure site, they can be assured that their data and browsing habits can be kept as private as possible.
So HTTPS will be necessary not just to secure your site but to ensure that your users can expect a safe browsing experience as well. Luckily, It can also help increase your site's SEO ranking The process of switching to HTTPS can be intimidating with purchasing an SSL certificate and setting up 301 redirects since your site's addresses change when moving to HTTPS. UpOnline clients don't have to worry as we make this transition for you. Speak to an UpOnline representative to inquire about switching your website to HTTPS.