Just what is the difference between HTTP and HTTPs? Most people we speak to are aware it means the website has an SSL certificate which means the connection is secure. But it’s not yet widely know that every website should now be using HTTPs and many reading this post will likely be thinking, “I don’t have a web shop or collect credit card information so it probably isn’t something I need to worry about”. If this is you then you definitely need to read this article!
So if you’re wondering “do I need an SSL certificate?”, the answer in 2017 is definitely. In our opinion, every website should now have an SSL certificate regardless of what you actually do and we will detail the benefits this will bring your business. But it may also surprise you to know that not all HTTPs websites are equally secure, this post will detail how HTTPs benefits your business and how you can maximise the benefits of using it.
Perhaps you’ve seen the ‘green lock’ in the top left of your browser bar before? If you use Google Chrome, this is what it will likely look like – each browser shows it differently, but will show you if the connection is partly, or fully secured.
If something is not right with the certificate (for instance: if it has expired or is invalid in some way, you will recieve an error like below:
You may have noticed – if the website is partially secured, you will see an imagine perhaps similar to that below:
Notice the grey ‘i’ and how this does not say ‘secure’. This means the website has an SSL certificate and is using HTTPs, however, something about the way in which it uses it is not safe. If this is your website – read on as we detail what you need to do!
First, what is SSL / HTTPs and why is it important? SSL provides the foundation of your website security, it does a few things to achieve this:
It ‘authenticates’ the domain to your server – meaning your visitors can be confident the website they are accessing is the ‘real McCoy’ (i.e. not a forgery or a dummy website set up to dupe people into handing over credit card information). To your business this means instant online credibility!
It encrypts data, securing it as it passes between the user and your website, making it practically impossible for hackers to ‘listen in’ and intercept communications (sometimes called a ‘man-in-the-middle’ attack). This applies to all information, including personally identifiable information (PII) and other sensitive information such as credit card details.
However, due to recent developments, your website will enjoy some new benefits as a result of having a fully secured SSL certificate, these are:
Google Indexing of mobile websites : In 2015, Google announced they would be indexing HTTPs over HTTP, this means if all else is equal between your website and a competitor, if you have SSL and they don’t, you can expect to rank higher. Who doesn’t want to give their business the best chance to win that business over a competitor?
SSL is required for AMP : As the web goes more mobile, a new technology has been developed by Google called “Accelerated Mobile Pages” (AMP) which is an integrated mobile platform. SSL is required for your website to be considered for this technology.
Notice how we say SSL ‘provides the foundation’ of your website security – what you build on top is just as important. This leads us back to why some websites that have SSL are less secure and show the ‘grey icon’ in the address bar we mentioned earlier.
Many websites use external code, scripts and services. If your website is integrated with other services such as Google Maps for example, it will likely need to load some Javascript code or HTML from Google’s server.
These should also be loaded using HTTPs. Even though your web page is secure to the end user, because it loads from insecure sources – the web page itself can no longer be considered secure at all! It is a bit like having secure locks on your front door, but leaving the window open. Just like your business premises, your website security can only be as good as its weakest point!
Thankfully, it’s usually fairly easy to audit your website and ensure all your scripts, code and resources load using HTTPs to win the prize of a green lock and enjoy the maximum benfit in search rankings of a fully scured website.
If your website is not quite fully secured and you would like someone to audit your website to ensure you have a green lock and everything uses SSL, why not get in touch with Audit My Website? We specialise in auditing websites and resolving issues like these.