5 Top Reasons Why Your Website Should Use HTTPS
If your website is still using HTTP and is not HTTPS security enabled, this could pose a threat to your website, traffic and future business.
We are still seeing many websites that are unsecured, despite Google’s announcement – effective last July. The Google Chrome 68 release now marks all HTTP sites as “not secure.” Last May Google further announced in its Chromium Blog, “Since we’ll soon start marking all HTTP pages as ‘not secure’, we’ll step towards removing Chrome’s positive security indicators so that the default unmarked state is secure. Chrome will roll this out over time, starting by removing the ‘Secure’ wording and HTTPS scheme in September 2018 (Chrome 69),” wrote Chrome Security product manager, Emily Schechter. “Previously, HTTP usage was too high to mark all HTTP pages with a strong red warning, but in October 2018 (Chrome 70), we’ll start showing the red ‘not secure’ warning when users enter data on HTTP pages.”
According to Google’s Online Security Blog, “For the past several years, we’ve moved toward a more secure web by strongly advocating that sites adopt HTTPS encryption. And within the last year, we’ve also helped users understand that HTTP sites are not secure by gradually marking a larger subset of HTTP pages as “not secure”.
Google further explains, “Chrome’s new interface will help users understand that all HTTP sites are not secure and continue to move the web towards a secure HTTPS web by default.”
Why is this now a requirement? HTTP uses Hypertext Transfer Protocol. This network protocol standard allows web browsers and servers to communicate and exchange data on demand. With HTTP, all data entered into the unsecured site is sent in plain text and can be hacked. We’ve been increasingly contacted by HTTP website owners for assistance with malware and other security related issues.
HTTPS stands for Hypertext Transport Protocol Secure. HTTPS is powered by TLS protocol (Transport Layer Security) and the SSL protocol (Secure Sockets Layer) which are digital certificates more commonly known as an SSL/TLS certificate. Think of TLS as an updated, more secure version of SSL. HTTPS establishes an encrypted connection between a web server and a browser. It also authenticates the server you are connecting to and protects transmitted data from unintended recipients and hackers, including contact capture data, username/password logins, credit card/payment details.
Top 5 Advantages of HTTPS
1. Secure is faster – HTTPS is a more technically advanced and secure network protocol solution than HTTP. HTTPS is better as it unlocks both performance improvements and powerful new features that are not available with HTTP. SSL is also required for Accelerated Mobile Pages (AMP). See our AMP article for more information.
2. Visitor Trust – Your website visitors want to know that they can trust your site and can quickly and readily see the lock (for now). If your clients/website visitors know you’re secure, they’re far more likely to do business with you and revisit your site.
3. HTTPS and SSL/TLS is Essential for PCI/DSS – Websites which accept credit card payments need to offer protection to their visitor data. According to the PCI Data Security Standard any sites that collect payment information to process online payments, must be PCI-compliant. Having an SSL/TLS certificate installed is one of the primary requirements set by the payment card industry (PCI). It is mandatory that financial, e-commerce and most websites that require log in have HTTPS
4. HTTPS is Becoming the Universal Norm – As demand for security and privacy grows we are seeing a more secure web. According to Google:
- Over 68% of Chrome traffic on both Android and Windows is now protected
- Over 78% of Chrome traffic on both Chrome OS and Mac is now protected
- 81 of the top 100 sites on the web use HTTPS by default…..and these numbers are growing
5. Search Engine Optimization Boost – HTTPS can also help with SEO
“In 2014, Google announced HTTPS as an SEO ranking signal,” say says Joshua Alexander, Sprout’s Director of Technology. “Since then, that signal has increased as Google pushes for a universally secure web. Therefore, configuring your entire website for HTTPS could provide a small SEO boost.”
HTTPS – What Does the Future Hold?
For now, users will not be blocked from accessing HTTP sites, however they will be warned. As of October 2018, all Chrome 70 users see the following not secure warning below.
“If you think your site is safe from hacks there are documented hacked sites each day,” says Alexander. “Take a look at top daily attacks here. Add that with the new Internet of things, including your coffee maker, fridge, and oven that can be the weakest security point in your network. Make sure you are taking steps to get your site protected today.”
A recent article in The Washington Post also states “a new report from security firm Sitelock has revealed that the typical small business website is attacked 44 times a day and software ‘bots’ are visiting these sites globally an average of 152 million times a week.” The Sitelock report, based on analysis of more than 6 million websites during the last quarter of 2017, found bots, malware, backdoors, and other malicious software on so many of these sites that the company estimated that more than 18.5 million websites are infected at any given moment, the research states.
If your website does not meet HTTPS requirements, please click here for a free consultation.
For more information about Google’s HTTPS plan please see Google’s Security Blog.