https

New and Important Website Security Issues

Google has once again flexed its mighty muscle and is forcing the online world into totally adopting secure websites. Previously only considered for sites that conducted financial transactions and maybe had an online enquiry form to submit, it would seem that everyone is going to need a secure site if they wish to remain reasonably high on search engine rankings and not subject their visitors to warnings that may make them hightail it out of their site!

The original World Wide Web was built on an electronic protocol and programming language known as HTTP (HyperText Transport Protocol). It was the original “lingua franca” of the web. Buried in that HTTP code are the instructions of what is placed and where it is placed on a page when you visit a website. It also contains other information – too much to detail in this posting and irrelevant. The primary problem with HTTP is that it isn’t very secure; it can be “eavesdropped” upon by others who might spot some interesting information being transmitted (e.g. credit card details) and use it for nefarious purposes.

The way to stop this from occurring is to use the HTTPS protocol (the ‘S’ stands for “secure” or “Secure Socket Layer – SSL”), which is built on HTTP2 and encrypts all of the electronic communications passing between the user and server. You know you’re on a secure HTTPS connection when you not only see the added S in the URL but also a little green padlock icon in the address bar of your browser.

One significant advantage to using a secure channel is that the performance of the website increases significantly. That is, pages and media load a lot more quickly because HTTP2 is inherently faster than HTTP.

As I indicated earlier, there is another good reason for having your website run under HTTPS: Google will like it better and rank it higher in its search engine. Google has taken that a step further. As of the time of this writing, anyone using the Chrome browser (which is, of course, built and supported by Google) who is visiting an unsecured site will be warned of such directly in the browser:town of stony plain website not secureFew things will scare away a potential customer more than warning them that their computer’s security is potentially about to be breached! As of this writing, approximately 60% of web users employ the Chrome browser. (Yes, at the time of this writing, the Town of Stony Plain did not have SSL on its website.)

So, to summarize, you want to update your website to be delivered to users via HTTPS because:

  1. Your customers and prospects will be able to access and browse your site much more quickly.
  2. You will get a ranking boost from Google. (At least you’ll get a boost until all of your competitors follow your lead.)
  3. Your site will be interpreted by visitors as being one they can trust and the credibility of your business or organization will increase.
  4. Nothing that passes between your website and its visitor will be intercepted, no matter how benign.
  5. Any visitors browsing your site using Chrome will not be scared off.

Without going into a lot of detail, the first step in getting your website upgraded to the current secure standard is to acquire an SSL Certificate. Once a costly item, such things are now free and can be acquired from a number of online sources. The next steps are considerably more difficult because your website will need to be rejigged to work properly with a new URL. That is, where you used to be http://mysite.com you are now https://mysite.com. As well, any external links you might have on your site will have to lead to other secure websites. Doing these tasks can take a lot of time and effort and things might still not work properly if there’s even one lingering “http” as the needle in the proverbial haystack.

Fortunately, if your site was built using WordPress or I built it for you, I’ve acquired a number of software tools that will allow me to accomplish this task in an hour or two! This job can be accomplished with a day or two of notice – and I can even acquire the SSL Certificate for you.

Get your website secured. Now. Resistance is futile.

Cheers!

Ian

Did you find this post interesting? Perhaps you’d like reading one of these others:

Share this post

And that's nothing compared to what I can do!