You may have noticed an increasing number of sophisticated cyber attacks and large-scale data breaches over the recent years. You're not the only one! These "hacks" are becoming increasingly prevalent and so online security is by necessity becoming an increasingly important part of our everyday lives.
One of the simplest, yet often overlooked, security features available on any website is HTTPS. In this article I will explain to you the basics of what HTTPS is and why you should employ this simple yet effective security mechanism on your website.
What is HTTP and HTTPS?
When you type a URL into the address bar of a website, a "web request" is initiated and sent across the internet. This request travels through phonelines, via your internet service provider, and onto a server machine in a distant data centre, potentially on the other side of the world.
Along the way, there are many different points at which this page request can get intercepted. And at any of these points, the contents of the request can be read, and even tempered with.
Similarly, when you enter your login credentials in a login form on a website, a request is made which travels across the internet. If the website is not configured to handle this request over HTTPS, then like before, the request is not safe.
HTTP is what's called an unencrypted protocol. This means that the information in the request can be read in plain text. HTTPS on the other hand, leverages encryption and encrypts data which is sent from your browser, all the way to the hosting server that receives and handles your web request. Once the encrypted request reaches the server, it knows how to unencrypt it and return the correct encrypted webpage response back.
1. It protects your user's sensitive data
Having explained the difference between HTTP and HTTPS, it might seem obvious to the benefits over the latter. HTTPS encrypts your data so that no 3rd party can read or modify the potentially sensitive information that is travelling across the web.
In our opinion, this is the most important benefit of configuring HTTPS on a website. Many of the hacks we see today are due to login credentials or personal details having been stolen through various means, with the above-mentioned web traffic sniffing being one of them.
If you host a website, your users will appreciate that you have gone to the effort of setting up HTTPS. Not only will they feel somewhat safer on your website but they will not be vulnerable to having their login credentials of personal information stolen, and ultimately used against them.
2. Google will look at your website more favourably
Search Engine Optimisation, the process of optimising a website so that it ranks higher in search engine results, is affected by whether or not a website is set up on HTTPS.
Search engines, such as Google, acknowledge the benefits that HTTPS offers. So much so in fact that they have designed their ranking algorithm to look more favourably upon websites that are configured to use HTTPS.
If you ever pay someone to optimise your website, one of the first things the consultant will do is update your website to use HTTPS. Not only will your website enjoy the enhanced security, but it may even load faster – another characteristic favoured by search engines.
3. Your website will be more trustworthy
Web browsers, such as Chrome, are making it easier than ever to quickly identify a website that is being served insecurely over HTTP. Have you ever browsed to a website and immediately noticed the distinct red warning next to the address bar? If the page is secured over HTTPS, it will look something like this. Notice the lock icon which preceeds the URL?
With this in mind, configuring HTTPS will go leaps and bounds in developing trust between your website and your users. Trust is a critical factor in determining whether or not your users will convert, i.e. use your contact form, or sign up to your newsletter. Encouraging this trust by securing your website in this way is both a powerful and cost-effective option.
4. It's becoming cheaper and easier to setup
Business budgets are often tight. So, it would be understandable that if setting up HTTPS was expensive, then it would have to be prioritised in the budget along with everything else. Luckily, unlike a decade ago, it has become easier and cheaper to secure your website with HTTPS.
Using the LetsEncrypt certificate provider, and an installation tool such as Certify, it's easier than ever to secure your website with HTTPS for free. If you don't have any technical knowledge, it may be necessary to pay someone to set this up for you. But it really shouldn't take them any longer than an hour of their time.
So, if you're operating a website and it's still using the HTTP protocol, hopefully you will consider migrating to the more secure HTTPS option.
Your users will not only appreciate that their personal details are more secure, but they will feel more confident and trusting and more likely to convert. They will appreciate the added security, and so will the search engines. Although SEO is a complicated, they will undoubtably be more inclined to rank your website higher in search results.
If you have some technical knowledge and are keen to attempt the migration to HTTPS yourself, go ahead and read the getting started documentation for LetsEncrypt. Also, here's a good article on migrating a Wordpress website. Want more information? Get in touch with us, we'd love to help.