When you browse the Internet looking for a product, topic, or service, do you check the URL to see if it begins with HTTPS? Do you own a website, and if so, does your URL begin with HTTPS? If not, it won’t be considered secure soon. If you want people to find your website on Google, it’s important to fix your website now.
What Is HTTPS?
HTTP is an abbreviation meaning “hypertext transfer protocol.” It allows communication between different systems on the Web. It transfers data from a web server to your browser so you can view the website’s pages. HTTPS in the URL indicates that a layer of security exists on a website. The “S” stands for secure.
But according to a Google report in October 2017, many sites still use HTTP instead of HTTPS. In fact, about 79 of the top 100 non-Google sites use HTTP instead of HTTPS. And 67 of these are using outdated encryption technology or no encryption at all.
Developers are making steady progress converting HTTP sites into HTTPS sites, but it may be a long time until there’s 100% compliance. Google is striving to have HTTPS on all websites.
So, What’s The Big Deal Anyway?
When you view an HTTP URL, the page content you’re viewing can be detected by anyone who gains access to your network. They can also tell what other sites you’ve visited.
Essentially, your web browsing isn’t private when you go to HTTP sites. When you visit an HTTPS site, the only thing the hacker or intruder can view is the domain of the website, not what you’ve done on the website (like purchasing something from Amazon).
For this reason, it’s especially important that you only use HTTPS sites when you’re purchasing anything or performing tasks like accessing your bank account. Without encryption (HTTPS), your confidential web activity can be intercepted, changed, and stolen by attackers using the same network.
What Will Happen If We Don’t Use HTTPS On Our Website?
It’s very important that your business website begins with HTTPS. Many people won’t visit your site if it’s not secure.
And starting this month (July 2018), Google will label your website “not secure” unless you use HTTPS. On February 8, 2018, Google posted this message:
“Beginning in July 2018 with the release of Chrome 68, Chrome will mark all HTTP sites as ‘not secure.’”
This means anyone using Chrome will automatically be directed away from non-HTTPS encrypted websites, regardless of whether they’re a legitimate site or not.
Trust is important to consumers and business professionals who might visit your website. If they don’t believe it’s secure, they could move on to your competition.
Plus, websites like GitHubGist keep a running list of all the sites they’ve found that aren’t secure. How damaging would it be if your website was on their “shame list?” It could ruin the reputation of your business.
Will HTTP Affect Our Website Ranking On Google?
Yes, if you don’t switch to HTTPS, Google will drop your ranking. They started doing this back in 2014. They even published best practices for secure websites. The list of things you must do is pretty long and complicated. So, make sure whoever is managing your website knows what they’re doing.
Here are some of the basics Google suggests:
- Decide the kind of certificate you need: single, multi-domain, or wildcard certificate.
- Use 2048-bit key certificates.
- Use relative URLs for resources that reside on the same secure domain.
- Use protocol relative URLs for all other domains.
- Check out our Site move article for more guidelines on how to change your website’s address.
- Don’t block your HTTPS site from crawling using robots.txt.
- Allow indexing of your pages by search engines where possible. Avoid the noindex robots meta tag.
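Three items on this list can be checked mechanically: hard-coded `http://` resource URLs, a `noindex` robots meta tag, and a robots.txt that blocks crawling. The script below is an added example, not code from Google or from this article; the site name `shop.example`, the sample page, and the sample robots.txt files are constructed for illustration.

```python
from html.parser import HTMLParser
from urllib.robotparser import RobotFileParser

class PageScan(HTMLParser):
    """Collect hard-coded http:// resource URLs and robots meta directives."""
    RESOURCE_ATTRS = {"img": "src", "script": "src", "iframe": "src",
                      "link": "href", "form": "action"}

    def __init__(self):
        super().__init__()
        self.insecure, self.noindex = [], False

    def handle_starttag(self, tag, attrs):
        attrs = dict(attrs)  # tag and attribute names arrive lower-cased
        if tag == "meta" and (attrs.get("name") or "").lower() == "robots":
            self.noindex |= "noindex" in (attrs.get("content") or "").lower()
        url = attrs.get(self.RESOURCE_ATTRS.get(tag, "")) or ""
        if url.lower().startswith("http://"):
            self.insecure.append(url)

def audit(html, robots_txt, site="https://shop.example"):
    """Return checklist findings for one page plus the site's robots.txt."""
    scan = PageScan()
    scan.feed(html)
    robots = RobotFileParser()
    robots.parse(robots_txt.splitlines())
    findings = [f"insecure resource: {u}" for u in scan.insecure]
    if scan.noindex:
        findings.append("noindex robots meta tag present")
    if not robots.can_fetch("Googlebot", site + "/"):
        findings.append("robots.txt blocks crawling of the HTTPS site")
    return findings

# Constructed sample inputs (not taken from any real site)
BAD_HTML = """<html><head>
<meta name="robots" content="noindex, nofollow">
<link rel="stylesheet" href="/css/site.css">
<script src="http://cdn.example/lib.js"></script>
</head><body>
<img src="//images.example/logo.png">
<img src="http://shop.example/banner.jpg">
</body></html>"""
BAD_ROBOTS = "User-agent: *\nDisallow: /\n"
GOOD_HTML = BAD_HTML.replace("http://", "//").replace("noindex, nofollow", "all")
GOOD_ROBOTS = "User-agent: *\nDisallow: /cart\n"

if __name__ == "__main__":
    for finding in audit(BAD_HTML, BAD_ROBOTS):
        print(finding)
    print(audit(GOOD_HTML, GOOD_ROBOTS) or "no findings")
```

Relative (`/css/site.css`) and protocol-relative (`//images.example/logo.png`) URLs pass the check because they inherit the page's HTTPS scheme.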
Google also suggests that you test the security of your website.
What Do We Look For When Testing The Security Of Our Website?
There are many free and paid-for tools on the Internet you can use. But, basically, this is what you want to know.
You should check your website’s security on a regular basis. These are some of the things you should always test. There’s another term for this; it’s called web application penetration testing. This is where a team of ethical hackers (your IT Provider should be able to help you) test your site for security. Ethical hackers know where to locate the weak points in your website. And they know how to remediate any vulnerabilities and protect your website against security attacks.
Some of the website security tests they conduct include:
- Login Testing: If this is compromised it can reveal confidential user information to hackers. Also, be sure to test unsuccessful login attempts to make sure people are locked out if they enter the wrong credentials after a specific number of attempts.
- Feedback Form Testing: Ensures your online forms are working properly and tested for security. Again, your IT professionals can help you with this.
- Credential Testing: Ensures the integrity of your credential encryptions and that a hacker can’t access them.
- User Session Timeout Testing: Ensures the integrity of user sessions. For example, you want to make sure that when someone logs out of your site, the session is truly terminated.
- Testing For Website Attacks: Ethical hackers will run popular website attacks to see how well your site holds up against them.
- Access Tests: To ensure the permissions you’ve set are actually working and that users only have the access you’ve specified.
Switching to HTTPS and running website security tests aren’t enough. You also need a Web Application Firewall for assurance.
What’s A Web Application Firewall?
This is a type of firewall deployed between your web servers and the Internet. Your IT Provider can set this up for you. It’s usually a standalone device that filters each incoming and outgoing message. However, there are now cloud/software based solutions for this. These monitor and block malicious data as it’s transmitted to and from your website.
The Web Application Firewall (WAF) inspects data packets and only lets them through if they meet specific rules in the firewall rule base. It will stop attacks and breaches coming from the Internet and external networks.
A rule base can be set to allow all traffic through unless there’s a rule to prevent it. The most commonly used method is to set the rule base to not let traffic through unless it meets an explicit rule to allow it.
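The difference between the two rule-base defaults shows up on requests nobody wrote a rule for. The sketch below is an added example, not any WAF product's rule syntax; it assumes a simplified rule that matches only on HTTP method and path prefix, and the rules and requests are constructed for a hypothetical shop site.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Rule:
    action: str       # "allow" or "block"
    method: str       # HTTP method, or "*" for any method
    path_prefix: str  # rule applies to paths starting with this prefix

    def matches(self, method, path):
        return self.method in ("*", method) and path.startswith(self.path_prefix)

def evaluate(rules, default_action, method, path):
    """First matching rule decides; otherwise the rule base default applies."""
    for rule in rules:
        if rule.matches(method, path):
            return rule.action
    return default_action

# Constructed rule bases for a hypothetical shop site
BLOCKLIST = [Rule("block", "*", "/admin")]        # used with default "allow"
ALLOWLIST = [Rule("allow", "GET", "/products"),   # used with default "block"
             Rule("allow", "POST", "/checkout")]

# Constructed requests: two the site owner expects, three they do not
REQUESTS = [("GET", "/products/42"), ("POST", "/checkout"),
            ("GET", "/admin/users"), ("PUT", "/products/42"),
            ("GET", "/backup.zip")]

def compare(requests):
    """Return the requests on which the two rule bases disagree."""
    differing = []
    for method, path in requests:
        permissive = evaluate(BLOCKLIST, "allow", method, path)
        strict = evaluate(ALLOWLIST, "block", method, path)
        if permissive != strict:
            differing.append((method, path, permissive, strict))
    return differing

if __name__ == "__main__":
    for method, path, permissive, strict in compare(REQUESTS):
        print(f"{method} {path}: default-allow={permissive}, default-deny={strict}")
```

Both rule bases agree on the expected traffic and on `/admin`; only the default-deny rule base stops the unanticipated `PUT` and the stray `/backup.zip` request.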
We know this is a lot of information to take in and it can be confusing. Plus, Google is always changing their ranking rules, so this is a “moving target.”
The team at Steadfast Solutions is always available if you have any questions about your website or web activity.