What is HTTPS Everywhere and Why It Matters to Your Website’s Security
Encrypt your online communications with HTTPS Everywhere.
HTTPS and SSL – two sets of letters that you’ve probably heard a lot about, even if you don’t know what they mean. Essentially, they boil down to a technical signal that your website is secure for browsing and that your visitor’s data and information is safe and secure from vulnerabilities. HTTPS and SSL are the symbols of Internet security.
Improved Internet Security
Staying secure online is a much talked about reality these days, thanks in part to big businesses that have been in the media due to data breaches. What’s more, visitors are used to expecting security when conducting credit card transactions online. Beyond that, Internet security is something many web visitors and businesses take for granted.
So, it may have been surprising when way back in 2014 Google admitted that HTTPS had become a ranking factor for websites. But, when Google says something is helpful, everyone jumps on board. Beyond being a helpful factor for SEO and ranking, having a secure website is good business practice. HTTPS Everywhere and SSL is important. Today we’re going to review why you need it, how it works, and how to get it installed on your website.
Protecting Your Information
Think about your place of business. Your employees have keys and your guests cannot enter until the doors have been opened or they’ve been let in. If you are part of a really large organization, the employees may have badges or nametags for identification. If you were to lose your keys or identification, your business would be left vulnerable. Your business has implemented security measures to keep the actual office safe, but also to protect important documents and data, right?
Well, the same is true for a website. Years ago, websites were basically an online version of a business card. There wasn’t much data being exchanged and visitors were merely browsing. Then the onset of websites came where you could login and become a member. Or, you could shop and make a purchase. Or, you could fill out a form to sign up for important information. With that, all of a sudden your digital footprint that followed you around the Internet started to hold all sorts of data.
Now, while you browse the web you are basically a walking billboard of information about yourself, unless you keep everything secure. Businesses can help protect your data by ensuring their own websites are security compliant.
Internet users have been slowly trained to look for an ‘s’ next to the HTTP, as a signal that a website is secure for browsing and exchanging information. While most Internet users don’t understand the technicalities of HTTPS Everywher and SSL, they know what can happen if their sensitive information is breached. Perhaps their banking system has already been compromised and they’ve had to deal with the hassle of ordering new credit cards and updating banking information. Perhaps their social media accounts have been hacked and they’ve had to spend precious time cleaning things up and resetting passwords. More and more people are expecting security from the websites they visit, and if they don’t find it, they leave.
What is Https Everywhere?
The ‘s’ in HTTPS stands for ‘secure’. When you see this in a URL, coupled with a lock symbol, you know the website you are visiting is encrypted with a secure website connection. Historically, SSL was reserved primarily for websites that collected private information such as passwords, private data, and credit card information. When you visit a website without the ‘s’ you could be on a compromised network, or one that is vulnerable to hackers, the Internet’s version of eavesdroppers.
HTTPS helps protect the privacy of your website visitor. It is no longer enough for you to say you will protect a visitor’s information. Now you must show you are protecting it.
HTTPS makes it harder for hackers to break the connection and steal personal information.
When browsing the web, look for the ‘s’ to know that the website you’re on is trustworthy. Not all websites have converted over to HTTPS Everwhere as yet, so if you are browsing a site that is not secure, just be sure to refrain from passing along your important personal information and data.
What is an SSL Certificate?
An SSL certificate is the indication that your website is officially secure. This is what allows your website browser to establish a secure connection. The browser trusts the secure connection, which in turn a user can also feel safe browsing and even providing private/confidential information.
Our official SSL partner for 1st on the List is DigiCert, a leading SSL certificate authority. We recommend DigiCert because they provide increased speed and load time as well, which is also a valuable SEO feature.
Why You Need HTTPS Everywhere?
Internet visitors are more savvy and have an innate trust associated with HTTPS. Recent media reports of big brands being hacked, compromised, and having personal data leaked has made consumers even more cautious. We side with Google on this one and would like to see every website properly secured. It’s especially important if you collect credit card payments, or if you collect private information (such as name, address, health records, passwords etc.), or you are in a competitive market. Here are other reasons why you should consider HTTPS Everywhere for your website:
- Google now uses HTTPS as an important ranking factor and sites with it tend to rank better. This in itself is an important reason to ensure your website is secure and compliant with HTTPS. With a lot of competition on the Internet, your business should be great at the basics.
- Some popular Internet browsers are giving warnings when web visitors try and access a non-secure website. Therefore, if your site is not secure, you could be missing out on valuable website traffic. In fact, these warnings might just scare your website visitors away.
- Ensuring your website is secure protects your business from the costs of a data breach. This could be a public relations nightmare if your website data was ever breached, not to mention an expensive nightmare, too.
- Visitors are more confident using your website if they know it is secure. As visitors become more confident in their website browsing they have expectations of businesses, including website and data security.
“HTTPS Everywhere” is a term coined by Google. Google has confirmed that HTTPS is a ranking factor dating back to 2014. “Security is a top priority for Google… beyond our own stuff, we’re also working to make the Internet safer more broadly. A big part of that is making sure that websites people access from Google, are secure… so we’re starting to use HTTPS as a ranking signal…”
Historically, only pages or parts of a website that dealt with sensitive data were secured with an SSL certificate. But, now it is advantageous to secure every single page. In other words, only when an entire website is properly secured with SSL will it earn a ranking advantage.
Are All SSL Certificates Created Equal?
No! Many of the SSL certificates online are SHA-1, which gets more compromised each year. In fact, Google Chrome may even display a warning on websites with SHA-1.
SHA-2 is a much stronger certificate. If you want to ensure your website is deemed trustworthy you can even obtain an SSL EV certificate.
In addition, it is important to regularly check your SSL certificate to ensure it is not vulnerable. Improperly installed or misconfigured SSL certificates can leave you open to attack.
1st on the List provides a complimentary Inspector Report. Ask us for it by calling 1-877-563-0459.
The SSL Handshake – How SSL Works
How does your web browser know a website is secure? Well, it undertakes what is commonly referred to as the SSL Handshake.
- The Internet browser connects to the web server and requests the server to identify itself.
- The server sends a copy of its SSL Certificate
- The browser verifies the certificate to ensure it is valid. If the browser trusts the certificate it creates an encrypted symmetric session key using the server’s public key.
- The server decrypts the symmetric session key using its private key and sends back an acknowledgement to start the encrypted session.
- Server & browser are now encrypted.
How to Purchase and Install an SSL Certificate
Because SSL and HTTPS is more important than ever, installation is best left to the professionals. While you can do it yourself, or have it done through your hosting provider you want to be sure that all configurations are correct and that your website is not vulnerable to insecurities.
In Summary
So, while SSL and HTTPS is essentially good business practice, it is something users are looking for when they visit a website.
HTTPS and SSL are the equivalent of a lock on a door or a code on a safe. Now more than ever it’s important to be secure. The same is true for a website. Internet users are vulnerable when they browse the Internet. They have private data, cookies and Internet session info following along with them. In addition, they make credit card transactions, utilize banking websites, enter their personal data such as their full name and address, and are constantly logging in and out or signing up for things with usernames and passwords. Without security, we’d all be victims of fraud and identity theft by now. That’s why, even when you aren’t conducting a financial transaction, it’s wise to look for websites that are HTTPS.
And, if Google is using it as a ranking factor then it is just all the more reason to jump on board the security bandwagon. But, not all s’s are created equally. Even if you’re only obtaining the certificate to appease Google, it’s important to ensure that your SSL and security is set up and configured correctly. After all, the real goal is to ensure that your website visitors are safe while browsing your website. After all, a data breach could cost your business time, money and reputation!
Beyond the visitor’s point of view, it’s just good business to ensure your website provides adequate security. And if it’s going to help with your SEO, well that’s great too.
Website visitors do not always understand the technicalities of what goes on behind the scenes of a website. They don’t understand how their data is encrypted. But, they know the hassle that comes when they’ve become vulnerable to an attack, have been hacked or have had their information compromised. What they do know is that the S that is part of HTTPS and the lock in the browser is the best indication they have that a business is doing everything it can to protect their sensitive information. So, if you haven’t yet adopted HTTPS, perhaps it’s time you did.
If you still have questions about getting your website secure with SSL certificate, please call our SEO experts here at 1st on the List at 1-877-563-0459.
