Why your website should be using HTTPS
HTTPS stands for “Hypertext Transfer Protocol Secure”.
A website running over the HTTPS protocol encrypts traffic between the visitor’s browser and the web server running the website.
To run your website over HTTPS, an SLL Certificate from a recognised Certificate Authority needs to be installed on your web server.
But what does all this really mean?
When you browse the internet, you will probably do one of two things:
- type in a web address (like bbc.co.uk) directly into the URL bar at the top of the browser
- or, more likely, perform a web search and click on one of the links that come your way.
Either way you’ll end up viewing a website that is either using a secure means of accessing it, or not.
Your web browser performs these actions via a protocol called ‘http’.
Secure sites have purchased what’s known as an SSL Certificate and installed it on the server running their website. Their website can then run using https.
Most websites that are properly configured will automatically default to use the https:// without the viewer having to type it out.
As well as this, browsers such as Chrome will indicate that a site is secure by showing a green padlock. Otherwise they will show a small “i” that indicates a website is potentially insecure!
Our website shows a green padlock showing that it’s secure, rather than a small “i” that indicates the website is insecure (in this case I’ve obscured its name)
Why your website should use https
In a nutshell, good security, good SEO and helps create customer confidence in you and your product.
Google is the company behind one of the internets most popular web browsers – Chrome – and they have recently started flagging websites that don’t use https as ‘insecure.
Clearly, this is not a great advert for your business!
If you do run a secure website over https, Chrome will present the viewer with a green padlock icon in the browser and tell your visitors that your website is secure.
A much better advert for your business.
Other web browsers present visitors with something similar, usually in the form of a padlock or information icon that can be clicked for further information.
As well as this, GDPR is coming into effect on the 25th May 2018. GDPR is a huge topic, but in essence it’s about making sure businesses are securing their customer data, including how it is stored and transported.
If your website has cookies or a web form for people to complete and submit, you are storing and transferring digital data. Running a website over https is a step in the right direction.
Search Engine Optimisation
Back to Google again. I know there are other widely used search engines out there, in particular Bing, but in reality Google is the king of search engines.
As part of their drive to encourage websites to run over https, Google announced back in 2014 that secure ‘https’ websites will be given an SEO boost.
What types of SSL Certificates are there and which do I need to have an https website?
There are three levels of SSL Certificate: Domain Validated, Organisation Validated and Extended Validation.
A typical ‘Domain Validated’ SSL Certificate is suitable for most small business websites and will cost around £50 per year.
This level of certification means the company issuing the certificate (the Certificate Authority, or CA) knows you to be the owner of the domain and will show as a green lock in the browser.
Banks and other organisations that require a more advanced level of certification will have an Organisation or Extended Validation which will shoe a green lock and the company name.
You can read more about the differences of SSL Certificates here: https://www.globalsign.com/en/ssl-information-center/types-of-ssl-certificate/
How do I configure an https website?
The first step is to purchase your SSL Certificate. Web hosts like GoDaddy and UK2 sell a basic SSL Certificate for about £50/y.
Here at Webcetera, all of our hosting plans offer a free 256 bit SSL Certificate (free with the Business and Premium hosting and free with all hosting plus management plans)
You then need to install it on your hosting platform. Your web host will be able to help you with this. Many provide a one-click system to install it.
Finally, you need to make sure your website is configured to use https rather than http. This can be a little tricky.
Again, your web host might be able to help, if not you’ll need to contact a web developer.
It’s critical that all internal links within your website (navigation, links to other pages etc.) use https:// and not http:// otherwise your website will still be classed as insecure!
So yes, there is quite a lot of work involved, but it is definitely worth you putting on your website roadmap.
While it might require an investment of a little cash and some time to get this configured, there are many advantages to running a secure ‘https’ website. The important once we’ve discussed here are:
- All customer interactions are encrypted
- Better Search Engine Optimisation (SEO)
- A better advert for your business with a green padlock that says your site is secure
- A step in the right direction in relation to GDPR