How to secure your website through HTTPS & SSL Certificates

We rely on the internet for everything from talking with friends and checking the latest news, to ordering the weekly food shop and registering details for a new passport. We put highly confidential information on the internet sometimes without thinking twice, but now the focus has been put on websites to protect our information.

Our question to you is: have you considered how you protect visitors to your website?

Whether you sell products on your site or not, the internet is becoming a more secure place. The internet’s leading authority, Google, have proclaimed that it’s now best practice to implement SSL encryption on your site - so it’s time you took notice.

The guide below covers the following (click to skip to the relevant section):

What is SSL encryption?

SSL stands for Secure Socket Layer, and is a form of security for your website, that makes a secure connection between visitors to your website, and your server. In essence, SSL does exactly what it says, it adds a layer of encryption on top of your standard connection that protects your visitors confidential information such as names, addresses, emails, and more sensitive data like card numbers and online banking logins.

How does SSL encryption work?

SSL works by installing an SSL Certificate, which is a small data file associated to the company in question, onto a web server. Once it’s installed, the browser being used by the visitor is told it can start a secure session. Any information then passed between the visitor and the website is encrypted.

It’s easiest explained through an analogy - say you buy a t-shirt and put your credit card details into a website, the SSL encryption puts your card details in a secure box, that only the server you’re sending it to has the key.

You might not have noticed SSL encryption while you’ve been browsing the web, but we guarantee you’ll have come into contact with it at some point in recent months. The easiest way to spot a website with SSL encryption is either by clicking on the icon before URL in your browser address bar, and the start of a web address beginning with HTTPS, rather than the standard HTTP.

What’s the difference between HTTP & HTTPS?

Firstly, what does HTTPS stand for?

HTTP stands for Hyper Text Transfer Protocol, and is the main way that browsers communicate with servers (that contain websites) across the internet. The main focus of HTTP is communication, getting the website you want to view to appear as it was intended, as quickly as possible.

HTTPS stands for Hyper Text Transfer Protocol Secure, adding a layer of security onto the standard way computers communicate across the internet, meaning visitor data is encrypted.

HTTPS protects the part in the middle of this process, which transfers the information from the visitor to the server. Any information passed from the website to the server is encrypted, meaning if anyone attempted to intercept the information, the message would be scrambled.

Benefits of a secure website

SSL improves your brand image

  • Protect against lost sales. As of the start of this year (but increasingly becoming more noticeable), if someone visits a site that requires user entry to login or makes a purchase and it isn’t secure, a new icon will be displayed in Chrome. The ramifications of your website being labelled as ‘Not Secure’ could potentially be huge, especially if you rely on your website for sales. Visitors will be actively warned that their details aren’t secure, leading us to the ask the question: who is going to buy from an insecure site? See an example of a secure HTTPS ecommerce site we recently launched here.

  • A vote of security from a third party. SSL certificates are granted by third party Registration Authorities, who provide verification that your site is trustworthy and company is genuine.

  • Soon it’ll be a requirement. Moz reported that in June 2016 that 33% of the results on page one of Google were HTTPS. With Google being incredibly vocal over the following months about the benefits of secure browsing, this figure is guaranteed to have increased. Currently on new website projects we implement HTTPS as standard, meaning if other web agencies are doing the same - gradually HTTP will be phased out, meaning companies run the risk of looking out of date. You can see examples of our latest secure sites in our case studies.

  • SSL also protects you. If you’re sending personalised information to your customer, that include money off vouchers or discounts that you otherwise wouldn’t want in the public domain, having a secure site means these messages also can’t be intercepted.

Google themselves provide information on three key benefits from implementing HTTPS:

  • Encryption. Encrypting the exchanged data to keep it secure from eavesdroppers. That means that while the user is browsing a website, nobody can “listen” to their conversations, track their activities across multiple pages or steal their information.

  • Data integrity. Data cannot be modified or corrupted during transfer, intentionally or otherwise, without being detected.

  • Authentication. Proves that your users communicate with the intended website. It protects against man-in-the-middle attacks and builds user trust, which translates into other business benefits.

SEO Benefits of HTTPS

One of the main reasons many companies are migrating to HTTPS is the ranking boost that Google have acknowledged for sites that are secure. It’s a relatively small update, affecting less than 1% of global searches, but Google’s webmaster blog states:

“Over time, we may decide to strengthen it, because we’d like to encourage all website owners to switch from HTTP to HTTPS to keep everyone safe on the web”.

The pendulum may swing eventually, as happened with Google Mobile update, where instead of giving a boost to sites that are secure, they may begin penalising websites without a secure connection.

You also benefit from more accurate analytics data. Currently for some referral traffic, the source of this traffic is stripped out when a visitor passes through a HTTP website. With HTTPS, that information is retained, meaning you can accurately report on which sites are referring traffic to you.

How do you move from HTTP to HTTPS?

While it’s relatively straightforward to implement, transferring your site to a secure connection is a technical process, and one that is a methodical process.

If you’d like to learn more about transferring to HTTPS, and are considering moving your website - get in touch with our MD Steve for advice.

No commitments, just a useful outside perspective on the next steps for your website.

More from the blog