The Era of a Fully-Secure Internet with HTTPS / SSL
Since 2014, Google has incrementally pushed the Internet and the vast abundance of websites towards universal adoption of SSL.
Back then, they announced that an SSL certificate – acknowledged through the “https://” part of URLs and an accompanying green lock icon – would provide a small search engine rankings bonus, as incentive.
Four years later, Google has pushed their SSL mandate in that any non-HTTPS websites will be marked as “insecure”, both in their search results and in the URL bar of their Chrome browser.
You can imagine that any visitor to your site will instantly lose confidence in your website or store when flagged as “Not Secure”.
Beyond these surface level reasons to secure your website, there are numerous key incentives for your to adopt SSL on every one of your web pages. No fear, it’s easy to accomplish.
What is an SSL Certificate and HTTPS?
SSL stands for “Secure Sockets Layer”. This is a layer of encryption that allows for a secure link between user and web server. HTTPS is HTTP via a secured TLS (Transport Layer Security) connection.
Without it, any web traffic transmitted between a user’s browser and the web server can, and often is, monitored, collected or “sniffed”, by anybody so inclined with basic hacking software.
Think about the components of your website:
- A contact form
- An admin page, where you edit content, access databases, or change settings – such as WordPress, or cPanel
- A user login area, such as a customer dashboard, or messaging, or forums
- An online shopping cart, where customers enter payment information
- A search form
- A newsletter Subscribe feature
- Anything else that requires a “Submit” button is pressed
When data is submitted from the browser to web server, it’s sent in plain text through various different networks on the way to its intended destination.
The consequences are many:
- Spammers likely use spiders
- Email addresses submitted through web forms such as contact forms and Subscribe buttons are regularly collected by spammers.
- Passwords are stolen and later used to logon to compromise devices.
- Payment info, such as credit card details, is stolen, and later used by criminals, typically micropayments, but also for big purchases.
- Search information can be studied by competitors and spammers.
- Any “private” messages or content can be read, made a copy of, and stored somewhere.
- When you register a domain name, spammers intercept your contact details, and typically follow up with sales pitches of web design and other services.
With SSL, it provides an extensive, encrypted key on the browser end, that can then only be unscrambled on the recipient server. This means no interception or monitoring by third parties while data is in transit.
Five Critical Reasons for HTTPS
HTTPS protects the integrity of your website
Your data packages may travel around the world in order to offer your users the fastest website experience. This gives attackers a huge chance to modify your website’s content and threaten the integrity of your website. The injection of fake and/or malicious content will affect your brand and your revenue in a negative way.
HTTPS protects your users
Encryption protects the privacy and security of your users. HTTPS prevents intruders from being able to passively listen to communications between your websites and your users. Worst case it involves sensitive data, but even non-sensitive data can become crucial in combination with other insensitive data.
HTTPS indicates trust
If you use SSL for your website, the little green lock in the browser windows will instantly show your users that your website can be trusted. Chrome 68 is even marking non-encrypted sites with the label “non-secure” in order to help users protect their privacy. Help user’s protect their privacy in all browsers and get your free certificate today.
HTTPS the prerequisite for HTTP/2
HTTP/2 promises optimized page load times through non-blocking concurrent download of resources. However, browser only support HTTP/2 when it is used over an encrypted connection. Lightning fast website through HTTP/2? Sounds like another good reason for SSL.
HTTPS improves your search engine results
Since 2014 SSL is one of Google’s ranking factors. Pages with insecure content are down-ranked and malware-infected websites are even removed from the index. Non SSL-secured websites trigger a warning when a user opens them in Chrome, which not only affects the trust of users but in the long run also search results.
Types of SSL Certificates
Newcomer Let’s Encrypt (LE) has disrupted the previously commercial-dominated SSL certificate space.
LE is free, automated, and open certificate authority provided by the Internet Security Research Group (ISRG) aiming for a more secure and privacy-respecting web. Since it’s beginning in 2016 it has gained more and more popularity. Now in 2018, it is the most common certificate. When using a service or system like wao.io or RunCloud’s built-in SSL mechanisms, it’s simple to set up and deploy.
This has reduced the importance of buying domain validated (DV) SSL certificates, that cost anywhere from $20 to hundreds of dollars. Domain validation involves sending an email to an administrative contact of the domain, meaning any website, including spam-inclined organisations, can easily set this up.
The optimal level of trust is through Extended Validation (EV SSL). A manual vetting process validates the authenticity of the applying organisation, including cross-checking company registration, a lawyer’s letter (if requested), and a validation phone call to the number listed for the company. It can take a few weeks to set up.
After a certificate is successfully acquired and deployed, the browser URL bar adds the registered company name to the website address.
Most banks, bigger websites and online services use EV SSL on their homepages, as visitors can tell from a glance that the organisation is legitimate and their pages are protected.
HTTPS Upgrade with free SSL Certificate
wao.io provides an automated HTTPS upgrade for your site. Show your users directly that you can be trusted. Encrypt your website with an SSL certificate, keep it safe from data thieves, and stay relevant online.
Installing SSL typically takes several steps: a verification process to prove your domain ownership, storing the paid certificate on your web server and finally, the hassle of renewing it periodically.
wao.io simplifies the process for you: we take care of domain validation, certificate installation and renewal without any extra costs.
301 Redirecting Service – ensure full encryption and prevent duplicate content
Installing an SSL certificate does not necessarily mean that your site is encrypted. Without setting up a redirect service, your users (and search engine crawlers) may still land on the unencrypted HTTP version of your site.
However, implementing a server-side 301 redirect is not that easy. This is why we have done the job for you: simply toggle “Redirect HTTP URLs to HTTPS” in your wao.io dashboard and be sure that your site is fully encrypted.
Rewriting Service – your solution for mixed content
Upgrading to HTTPS is great, but what about mixed content? Once your website is using SSL, the browser interferes correctly with every request that is sent via HTTP.
A website is complex and loads a lot of different resources. Therefore, it is nearly impossible to keep track of all the different URLs. You can either install a developer tool to track down the URLs and change them manually or simply enable wao.io’s Rewriting Service.
Every resource will be rewritten countering mixed content and ensuring a perfectly safe user experience.
For more information – Visit wao.io/SSL-Upgrade
Written by Sea Ansley – firstname.lastname@example.org