How to secure your website & protect your users, for free?
Your business website is the shop front of 2019. Customers research your company, the products and services online before they consider purchasing. Even those who are ready to buy might search for the company’s contact details or opening hours first. So why do you allow your website to remain unsecure?
All websites are stored on a server. So when a visitor lands on your site, their browser ‘calls’ the server, which sends the information to their screen as a webpage. The way that the browser ‘calls’ the server is called HyperText Transfer Protocol (or HTTP for short).
HTTP is the set of rules that all websites and browsers follow when they communicate. It considers the transferring of files, text, images, videos, sounds etc from the server, to the browser. Think of servers as the back end, and your webpage as the front end, working together.
Typically, these servers are managed by a hosting provider. This is the company that maintains the site and handles the server’s security. On the front end however, your website may not be so secure.
How does HTTP affect my website’s security?
HTTP has been the standard for sending information for years. It’s in the URL of every website you visit. For example http://www.glmarketing.ie.
As online business has grown, so too has the need for extra security. In the early days of the web, HTTP was fine. Store the files on a server, enter a URL to get the files and they appear in front of you. Now, we’re exchanging personal information or credit card details online so there is a need for greater encryption of the data.
Enter HTTPS (the S being for secure).
HTTPS secures a website with technology called Transport Layer Security (TLS). When you install this cert, it encrypts every data packet meaning that even if it is hacked, the data cannot be accessed. Better yet, getting a cert is free with Let’s Encrypt.
My website doesn’t take credit cards, do I need HTTPS?
Yes! Other than security, there is one really important reason to have a HTTPS website. Google says so. Since July 2018, Google has been punishing websites that do not have https security. When a visitor lands on an unsecure website, browsers display a message to the end user telling them it’s “Not Secure”. Which doesn’t look good to a potential customer.
According to Google, “users expect a secure and private online experience when using a website” and they fully encourage webmasters to adopt HTTPS to ‘protect their connection’ to your website, regardless of whether you accept credit cards or not.
Google also uses many different ‘ranking signals’ to determine the value that a website offers. These signals help to calculate where you appear on a Google search. This is called Search Engine Optimisation (SEO). Experts estimate that there could easily be 200 ranking factors. Some are proven to be true, while others are still a source of debate. Google themselves have confirmed that HTTPS is a ranking factor.
Benefits for making the change now
If you decide to make the change from HTTP to HTTPS, there are a many great benefits to your website:
- SEO rankings boost – Google rates websites with HTTPS better than those without. So you have an advantage over your competition.
- Better security – both your website and your customer’s data is held more securely, reducing the risk of a breach due to hacking.
- Increased customer perception – the ‘Not Secure’ warning does not look good. Having HTTPS in your website prevents this and makes it clear to visitors that you are safe to use & a good option doing business with.
- Increased conversion rates – a customer that is confident in your site is more likely to do business with you over an unsecure competitor.
Add these to the fact the Google has also created a new approach for showing information for searches on mobile phones. Accelerated Mobile Page (AMP). The criteria for getting your website to appear on an AMP ideally involves HTTPS websites. So it’s an additional benefit to your business as well as for SEO.
How to secure your website?
The ability to make your website HTTPS lies with your webmaster. Typically, whoever is hosting the website. Depending on your business arrangement, it could be as easy as a phone call to make the change. If you do not have somebody to call, think about finding one.
How much should a security certificate cost?
Security certs can be gotten for free. Some hosting providers try to charge for them but often this is not justified (outside of their standard rate for doing a job). If you feel that you would prefer to have a paid for cert, then go ahead.
Are there risks associated with switching from HTTP to HTTPS?
There are some SEO experts warn that switching from HTTP to HTTPS can affect your rankings. Those who have tested it note that there may be an initial period after the switch where rankings drop a little, but they tend to recover. (It is Google that’s asking sites to switch over isn’t it…).
When are you making the switch?
This post is written to help give a basic understanding about HTTP vs. HTTPS. It’s important to be aware of the difference, and how it can affect your business. It will be updated as new information comes to light, or if we find that there are unanswered questions which can help readers understand more.
If you have any questions about the process, or need some help in switching your website over, comment below or email firstname.lastname@example.org.