Wednesday, May 3, 2017

Why Every Website Needs HTTPS

Encryption

This article is part of a series created in partnership with SiteGround. Thank you for supporting the partners who make SitePoint possible.

First and foremost, what does it mean for a website to use HTTPS rather than just plain old HTTP? It means that the site is secured with SSL (Secure Sockets Layer) or the more recent TLS (Transport Layer Security). If you're not knowledgeable about the subject, this statement may mean exactly nothing to you, so let's break it down.

When you visit a site, and you use the https version of the URL, you are asking for the secured version of the site. In a nutshell, this means that your browser will be hoping to see an SSL/TLS certificate on the website's server. That certificate should be granted by a verifiable Certificate Authority (CA) and basically allows your browser to interact with the server via an encrypted connection. Depending on the certificate, it may also say "Look, this site is who it says it is, that's been verified". Once that certificate is found, a secure encrypted connection can be established between your browser and the website. Now, if anyone attempts to step in and intercept your communication, all they will get is encrypted data. Your ISP might be able to determine what website you went to, or how much data is transmitted back and forth, but there won't be any further snooping happening.

If the website's server is accepting HTTPS requests, but there is no valid certificate for that website, or the site's certificate is expired, has an invalid CA, or has any other issue, your browser will notify you and attempt to prevent you from continuing. This is because the website is saying that there is a secured connection available, but not providing one, so the browser is trying to make you aware of that.

Chrome Security Warning
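
The checks described above (trusted CA, validity dates, hostname match) can be run from a script so that a bad certificate is caught before visitors see the warning. This is an added example, not part of the original article; it uses Python's standard ssl module, and the function names and SAMPLE_CERT are made up for illustration.

```python
import socket
import ssl
import sys
import time


def days_until_expiry(cert, now=None):
    """Days left before the certificate's notAfter date (negative if expired)."""
    now = time.time() if now is None else now
    return (ssl.cert_time_to_seconds(cert["notAfter"]) - now) / 86400


def classify(cert, now=None, warn_days=30):
    """Map a getpeercert() dict to 'expired', 'expiring' or 'ok'."""
    left = days_until_expiry(cert, now)
    if left < 0:
        return "expired"
    return "expiring" if left < warn_days else "ok"


def check_host(host, port=443, timeout=5.0):
    """Handshake with the checks a browser applies: trusted CA chain,
    validity dates and hostname match. Returns (status, TLS version)."""
    ctx = ssl.create_default_context()  # chain and hostname verification are on
    try:
        with socket.create_connection((host, port), timeout=timeout) as sock:
            with ctx.wrap_socket(sock, server_hostname=host) as tls:
                return classify(tls.getpeercert()), tls.version()
    except ssl.SSLCertVerificationError as exc:
        # verify_message carries OpenSSL's reason for rejecting the certificate
        return "rejected: " + exc.verify_message, None
    except OSError as exc:
        return "unreachable: %s" % exc, None


# Constructed sample in the shape getpeercert() returns (not a real certificate).
SAMPLE_CERT = {
    "subject": ((("commonName", "example.test"),),),
    "notAfter": "Jan  5 09:34:43 2018 GMT",
}

if __name__ == "__main__":
    # Usage: python check_cert.py your-site.example another-site.example
    for name in sys.argv[1:]:
        print(name, *check_host(name))
```

Run it on a schedule against your own hostnames; an "expiring" result leaves time to renew before browsers start blocking visitors.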

Many web servers either have a certificate, and route all incoming traffic to HTTPS, forcing you to use the secure version, or, if they have no certificate, route all traffic to HTTP, thus preventing users from trying to access a secure connection that doesn't exist.

So, now that we have a rough idea of what constitutes an encrypted connection to a website, let's take a look at the positive impacts of obtaining a security certificate for your site.

Search Rankings

In 2014, Google made HTTPS a factor in search results. Their goal seemed to be to force a change, to pressure website administrators to offer proper security for their visitors. At the time, this was a big deal, and it seems to have worked. This period was the start of an upward trend in the percentage of websites that introduced SSL/TLS for part of their traffic. In fact, sites that were entirely HTTPS also went on the rise.

Of course, Google doesn't publish all of the changes to the algorithms, but we know that HTTPS is an indicator, and it stands to reason that as more and more sites go HTTPS, the penalty for not doing so may also be increasing. But for your site, or that of your client, isn't a little bit of extra work well worth it to ensure that your site isn't overlooked in favor of HTTPS-enabled competitors?

Make Your Visitors Feel Secure

This next reason also falls into Google's wheelhouse, a bit, but concerning a different product: Chrome. According to a blog post about HTTPS sites, starting in 2017 with Chrome version 56, any pages that used forms to collect sensitive information (such as credit cards, login credentials, etc.) would now be marked as "Insecure" in the address bar, with the neutral gray icon and text.

So, if your site collects private user information, Chrome may already be marking it as "insecure" to your users. What will that do for your user confidence? And in future releases, Chrome will be marking all HTTP sites as "not secure" with red warnings in the bar - a clear sign to your users that they shouldn't trust you! And Firefox does much the same thing, flagging form fields in non-HTTPS sites that may have you insecurely inputting sensitive information, and instructing users that the site is insecure in the address bar.

So, what is your users' faith in your website worth? Even if you aren't collecting sensitive information on your site, a visitor's ability to browse with confidence may make all of the difference.

Actually Make Your Visitors Secure

Here we come to what should be the main benefit of using HTTPS for your website - making your visitors and their interactions with your website actually secure. So, what do you actually need HTTPS for, and how will it help secure your visitors?


by Jeff Smith via SitePoint
