Why You Need to Secure Your Website with HTTPS and SSL
Until recently, most website owners have not had to worry about special measures to secure their web pages unless they were conducting eCommerce transactions, or collecting sensitive information such as medical or banking data. But now all that is changing.
Google now officially recommends securing websites with HTTPS, which means that not only will this be important for organizations that want their websites to perform well in search, but more and more visitors will come to expect it.
In short, website security is no longer something for only certain types of websites to worry about - it's a best practice for all businesses and organizations that want to optimize their search engine performance, establish credibility with visitors, and maintain a professional web presence.
What is a "Secure" Website Anyhow?
Website security covers many areas , but for the purposes being discussed here, it means that the website utilizes SSL , which stands for Secure Socket Layer, a standard security technology that establishes an encrypted connection between a web server and a browser, with the URL being prefixed with "HTTPS" rather than the standard and unsecure "HTTP" (with that extra "S" standing for "Secure").
Put simply, SSL secures the information that is shared between you (the browser) and the website that you are viewing or interacting with. Any information that you normally submit to a website (or retrieve from a site) is sent as plain text and can be viewed if an attacker is able to intercept the information. SSL encrypts the information that is shared between the browser and the web server, so that even if a user's information is intercepted by someone who is not supposed to have it they will not be able to read the data.
It's not hard to understand why SSL has historically been considered a best practice for any website that is processing transactions with sensitive data such as social security numbers, credit card numbers, personal health records, or login credentials. Now, SSL is becoming a best practice standard for all websites, including those that do not necessarily process sensitive data.
Google Wants You to Have a Secure Website
Back in 2014, Google introduced the idea of "HTTPS everywhere" and also indicated that websites using SSL would receive a small search benefit from https as a ranking signal. You would think that these public declarations would have been enough to get everyone using HTTPS as a new standard, but that never really happened on a wide scale outside of cCommerce sites that were already using HTTPS anyhow. But in 2016 Google really changed the game when they updated their Chrome browser to explicitly identify sites that do not use HTTPS as "Unsecure".
Browsers Now Shame Unsecured Websites
You may have noticed that most common desktop browsers such Internet Explorer, Chrome, FireFox, and even mobile browsers, such as Chrome on Android, and Safari on iOS prominently show lock icons to indicate when a site is secure via HTTPS. Chrome in particular goes a step further by labeling standard HTTP sites as "unsecure", as you can see in these examples (the same page for wholefoodsmarket.com viewed in Chrome - one with HTTP, and the other with HTTPS).
Because of these browser cues, website users are increasingly becoming conditioned to identify when a site is secure vs. unsecure, and with that comes an implied sense of credibility and professionalism in favor of secure sites. This is especially important for business websites that have a brand image that is reflected in their web presence.
Is Your Site Secure?
Confirming whether your site is secured with HTTPS is a two-step process: (a) make sure that you have an SSL certificate properly installed on your server, and (b) confirm that your pages are being forced to HTTPS versions of the URLs (i.e. so their are no unsecured versions of the page using HTTP).
Install SSL
Fortunately, it's pretty easy to determine whether or not your site has SSL properly installed. Simply type "https://" in your address bar, followed by your domain name (e.g. https://your-doman.com). If you see a lock icon in your address bar, it means that you have SSL installed on your server; if you see an error message it means that you do not have SSL installed, or that it is not configured correctly. If you're unsure, or if you want to run a more thorough test you can also use this SSL Server Test to get additional information about your SSL configuration.
Force ALL Pages to HTTPS
In addition to making sure that you have SSL installed on your server, you also need to make sure that all of your site pages are resolving to the secured HTTPS version, and not unsecured HTTP (i.e. just because you have SSL installed does not mean your pages will automatically use HTTPS). Otherwise, the site is not truly secure, at least not in the eyes of Google. This can be accomplished with the proper server configuration, use of redirects, and testing. To confirm whether or not your pages are being redirected to HTTPS, try entering the standard HTTP version - if they are being redirected properly you should notice that they automatically redirect you to the same page using HTTPS. Try this for your homepage, as well as a sample of interior pages to make sure that the redirects are working across your site.
Protecting Your Users, and Your Business
Last but not least, if Google's preference for secure websites isn't enough, consider your users. If your site is not secured with HTTPS it essentially means that ALL data submitted through your website could be intercepted by someone who is not supposed to have it - this includes contact forms, logins, chat logs, and browsing patterns. Do you really want to expose your users, and your organization, to that kind of liability?
Ultimately, for 2017 and beyond website owners will want to ensure that their websites are properly utilizing SSL and HTTPS for optimal security, search performance, and credibility with users.
Get Help
If you need assistance making sure that your website is properly secured with SSL and HTTPS, as well as other security best practices for site maintenance, please feel free to contact us for a complementary assessment or to discuss further.
To learn more, simply complete the form below and we’ll be happy to follow-up with additional information, including:
- Needs Assessment
- Cost Estimates
- Questions & Answers