It’s 2018 and it’s time to secure your valuable website or web application! There should be no reasons to avoid it any longer, in fact there are many benefits in doing it now.
What is HTTPS?
HTTPS stands for Hyper Text Transfer Protocol Secure (HTTPS) — it’s the secure version of HTTP used to deliver your website or web application to your users.
In simple terms, it means the communication link between your user’s web browser and your web server is encrypted.
HTTPS requires a SSL certificate.
What’s this SSL thing you might be asking — it stands for Secure Sockets Layer, it’s a standard security technology that is used to facilitate the encryption component of HTTPS.
A quick lesson — it may be a bit technical so you can skip this if you’d like:
- SSL certificates have a key pair, known as a public and private key.
- The public key is what is shared with everyone (e.g. your users).
- The private key is what you must hold onto dearly and never share with anyone, only your server knows this key.
- The public and private key work together to establish an encrypted connection.
- The SSL certificate contains your public key along with other specific details to your server.
Why should I care about HTTPS?
Great question, here is a some points for you to consider.
Any data sent between your user and website (e.g. login details, credit card details, any sensitive personal information, file uploads) is encrypted over a HTTPS connection, which makes it very difficult for this data to be deciphered, even when your on other un-trusted networks such as public WiFi access points, etc.
Build trust with your users
Google is one of the big players at the forefront pushing site owners to secure their websites and web applications — with the latest release of their flagship browser Chrome, users are warned when your site is NOT SECURE!
With users who are constantly becoming increasingly savvy, the padlock or “secured” message is becoming more important than ever. Especially when you have the big players like Google pushing this message in the applications they use to access your website.
Cost is no longer a barrier
Meet Let’s Encrypt, it’s their mission to provide free SSL certificates to site owners because they want to create a more secure and privacy-respecting Web. Let’s Encrypt is a service provided by the Internet Security Research Group (ISRG). Web hosting providers are progressively adopting Let’s Encrypt for issuing free SSL certificates with little to no intervention required by you.
CloudFlare is another option, it also has additional benefits with how this service works. Your website essentially sits behind CloudFlare servers, with CloudFlare acting as a proxy to your real web server. It has an option to serve your website content under HTTPS. This means data between the user and CloudFlare is encrypted, however data from CloudFlare to your real server will not be encrypted if your real server is still serving content under HTTP (something to be mindful of).
Search engine performance
Google recommends websites to use https:// as part of their SEO guidelines. Google has also stated HTTPS is a ranking signal in their algorithm. Beyond Google’s own interests, they’re working to make the Internet safer, a big part of that is making sure that websites people access from Google are secure.
The flow on affect of having a secure website is the reassurance you provide to your users, who can also notice your efforts to provide a safer experience when they access your site’s content, including any of their own information. This in turn correlates to longer user sessions on your website, which can be a factor in Googles search ranking algorithm.