HTTPS. You see it all the time when you browse the Internet. But what if you are new to the Internet, or what if you aren’t new to it, but you don’t quite get it?
Not everyone knows how the Internet works, and that’s okay … if you’re not going to have a website. But if you are, then you really need to know some fundamentals for a healthy and safe business website.
What is HTTPS?
Hypertext Transfer Protocol is “HTTP.” It is an application protocol for distributed, collaborative, and hypermedia (text, links, audio and video) information systems. In other words, HTTP allows you, a user, to connect to a web page of interest via a server. You ask, the server grants, and this communication is linked through HTTP.
HTTP is the foundation of data communication for the World Wide Web.
But an HTTP URL is not secure. An HTTPS URL is secure.
What’s a URL again? “URL,” or Uniform Resource Locator, refers to the browser bar where you type in the web address or website you are looking for. Data transferred to and from your site is not encrypted — it is less safe — when using an HTTP URL.
HTTPS consists of communication over HTTP within a connection encrypted, or converted, by Transport Layer Security (TLS), or its now-deprecated predecessor, Secure Sockets Layer (SSL). When set up correctly, content is delivered in your browser with a lock icon, because “S” is for “secure.”
A properly installed TLS certificate with all page assets using HTTPS = Secure Lock Icon.
That’s what we are after, the lock icon, in your browser.
Why do you need HTTPS?
HTTPS is used to authenticate the visited website and to protect the privacy and integrity of the exchanged data — that is, the stuff you see and say. Privacy and security are at the top of the list of why we use HTTPS, but establishing trust, as well as populating search ranking, round out that list.
Respect the Privacy of Your Website Visitors
You need to use HTTPS in order for the data to be encrypted to and from your website. The Internet is evolving into a more locked-down, secure, encrypted one. As privacy issues rise, everyone is moving in the direction of complete encryption of the web. It’s like locking the doors and windows of your home or office, or using a safe for really valuable things, with only you or a trusted user holding the keys or codes.
Here are the major privacy concerns for the non-encrypted website:
- When a visitor on your website submits information using contact forms or other lead-generation forms, his or her personal information is being sent in clear text where it can be intercepted and easily read by hackers.
- Any data transferred to and from your site by you and your users could be read, or altered, by malicious parties.
- Consumers are becoming more savvy and not submitting information over a non-encrypted connection. That friction reduces conversions and can hurt your business.
Ensure the Security of Your Website
It is a common misunderstanding that you don’t need HTTPS if you are running a simple brochure marketing site and aren’t asking for credit card information. However, you are putting both your site and your users at risk if you don’t use HTTPS, because HTTPS ensures that the content on your website is encrypted and secure.
When you sign into your website, your login credentials are easy to intercept if the site is not encrypted with HTTPS. The “password” field may appear protected because a password field will show dots instead of text. However, the actual password is transmitted into clear text where hackers can see it.
Software used by hackers is evolving. It’s getting smarter, and, therefore, easier for ill-intentioned people to break into non-secure sites. In order for them not to catch up with you, you must be on your game by taking all necessary precautions to be one step ahead of phishing and other password and security breaching attempts.
If you still are running your website over HTTP instead of HTTPS, here are your security issues:
- Your user ID and password might be compromised when signing in as an administrator of your site. Without encryption, the credentials are sent from your computer to the web server in clear text.
- Other users’ passwords could be compromised when they log into any part of your website, especially membership sites or e-commerce, for example.
- Payment forms, which contain highly personal information and credit card data, likely the most guarded information among customers and visitors.
- A non-encrypted website can be easily spoofed or altered in transit for malicious intent.
Establishing and Maintaining Trust
A non-secure website endangers the success of your company brand. HTTPS reinforces your company brand.
That closed lock icon in your domain browser says, “Come on in. Your visit will be safe and secure.” It implies that you know what you are doing online. Your customers and site visitors will notice if your site is not secure; you will lose website traffic and all-important conversions because of it. We guarantee it.
For some time now, Google has used HTTPS as a ranking factor for search engine results. They penalize sites that continue to use the non-secure HTTP protocol, rather than the HTTPS protocol, which will affect your search ranking.
This practice is part of Google’s ranking algorithm, and they are forcing the issue and making this publicly known on your site through the browser address field. In other words, without HTTPS, you are not going to show up at the top of the list of searches. Browsers like Google Chrome and Firefox now show warnings when your site isn’t using HTTPS. It’s that little red triangle that says “not secure.”
The little red triangle in your browser is like a skull and crossbones to your savvy Internet user, and that savvy user will not continue to your site. That little red triangle says, “Ye be warned.”
It’s time to upgrade to HTTPS.
HTTPS is a must on the modern web. Consider this an opportunity to boost not only your website security, but also your online brand.
After you enable HTTPS, all of these problems will be solved, because passwords, form submissions, and all of your site content will be encrypted. You will come to love the lock; you will find it comforting.
Every new site we set up includes HTTPS as part of our fundamental website-building infrastructure. With Google penalizing non-encrypted sites with low rankings, a non-secure, non-HTTPS website is no longer optional.
Protect your site and your users. If your site still uses HTTP, contact your site administrator or web host and request an upgrade immediately. Otherwise, call us. We love to help your business be as successful as it can be online.