Posts

Technology solutions for you.

Looking for something?

Create an Account

HTTPS is to become industry standard for all websites. Is your Website SSL Ready?

With recent changes to the Chrome Browser (you can read more about the Chrome Stable Update released on July 24th 2018 and on the Google Security Blog) it is apparent that websites need to be secure for a plethora of reasons.

HTTPS Not Secure Website Example

Without a doubt Chrome is the most popular browser in the world. This will begin a shift towards manditory HTTPS and SSL migration for all websites and for all browsers.

 

Below are answer to some of the common questions I have been asked;

 

 

What is SSL and HTTPS?

HTTP is the protocol for sending data between your computers browser and the Internet. You see it anytime you visit a website (eg. http://mattharmer.me).

HTTPS is the secure version of this that encrypts the data and makes it difficult for anyone to capture and read it. Any website can try to use HTTPS, but they need an SSL Certificate to do so.

SSL makes the 'S' in HTTP possible. It can also be used to encrypt other protocols, such as Email and FTP. Suffice to say there is much more to SSL, for example it really should be called TLS, but that's another few paragraphs, I am offering the simplified explination.

 

A further note on SSL's - If you have SSL you can use it to encrypt your emails. It works in a similar way to website encryption, it will encrypt your emails and offer additional protection against third-parties reading your emails.

 

 

Will HTTPS slow my Website down?

Technically yes, HTTPS is slightly slower than HTTP. It requires an additional 'handshake' to work, but there are many other factors that will affect your website speed to a much higher degree, and many more benefits that outweight the miniscule speed loss, I have listed a few below;

 

1) Server Location - The most obvious and beneficial way of speeding up a website is the location of your server. The closer it is to your clients, the faster the speed. The server infrastructure I deploy for my clients uses multiple server locations for the best experience for their visitors.

2) Website Optimisation - Your web developer should be using a few techniques to speed the load times of your website. These include, caching files, compressing files and optimising images.

3) A Better SSL - Without getting too technical, there are different levels of quality for SSL Certificates, a higher quality one would cost more but would give website speed benefits and other benefits beyond load times such as higher encryption levels. I have further information on different types of SSL Certificates here.

 

 

Will HTTPS affect my Search Ranking?

A move from HTTP to HTTPS is considered a site move so there are various steps that should be taken to let search engines know that your are moving to HTTPS. The only way this move might drop your Search Engine Rankings is if your web developer or your SEO person failed to follow bet practices.

Moving to HTTPS will help your website. Google has announced that HTTPS is a ranking signal, and this trend will continue, so the move is beneficial. 

 

 

How do I get my Website SSL?

If you host your website with me it's already done. I have installed free SSL's and have systems in place to check for any new domains names and auto-install SSL for all future websites. This SSL can also be used to encrypt your emails. I recommend contacting me to see if your emails are setup to use your SSL.

 

Not all SSL's are the same.

 

Free SSL's are a great option if your website is pretty simple. By that I mean your not taking credit card details or other sensitive information. More advanced SSL's can be used to protect more domains at higher levels of encryption to make it even harder to intecept sensitive data. I have some more information on advanced SSL's available if you would like to learn more.

 

 

I have installed SSL on my website. Now I get Mixed Content Errors!

If I created your website and it's on my hosting platform, this has already been sorted. I would have fixed all of your mixed content errors.

Mixed Content errors come from external sources that are not using HTTPS. These come in the form of ads, fonts, images, videos, embedded information and other scripts. All these should be requested via HTTPS to avoid mixed content errors.

If you have adverts on your website, you should reach out to these advertisers and ask when they are moving to HTTPS. Most should have a plan, for those that do not, you may whish to hold off on HTTPS based on the ad revenue VS the benefits of deploying HTTPS.

 

 

Great, My Website is Secure! Now I am safe from Hacking...

Well, not exactly. One major consideration is the computer or device your are using to access your website and the internet. If you login to your website to update information or you send sensitive information via email, you should make sure that your computer is always kept up to date. Thats the Operating System and all of the programs on your system.

 

Make sure you are using Anti-Virus and Anti-Malware software.

 

I have seen Websites hacked because of inadequate Anti-Virus and Anti-Malware protection. The Malware can capture login details used and get access to your website. You can read more about the Anti-Malware I use and offer here.

 

 

More Information

If your interested in more detailed information about HTTPS, check out this HTTPS Migration Guide. (HTTPS Migration Guide)

If you want to secure your site with a something better than a Free SSL, I offer a bunch of different SSL's for sale (SSL Certificates)

As always I am availble to answer any of your questions, post a comment below or use the contact page.

 

Comments powered by CComment