*Update: Last week Google’s Security blog announced that new versions of Google Chrome browser, starting in July 2018 will be marking websites without HTTPS connection as NON-SECURE.
HTTPS (HTTP Secure), as the name shows is a secure version of HTTP protocol. When you browse the web, I hope you know not to enter your passwords or credit card information on websites that don’t have a green lock in the browser bar:
This green lock shows that communication between your computer and the website is encrypted, by using a TLS/SSL certificate.
HTTPS connections don’t reveal information about a user’s behavior. It’s especially important on insecure Wi-fi networks at coffee shops, hotels, airports, etc.
Benefits that HTTPS protocol provides:
- Authentication – attacker can’t fake server certificate. Users will know if something is wrong and if someone is trying to intercept their connection.
- Data Integrity – attacker can’t impersonate destination and route the user to a malicious site.
- Encryption – passive and active attackers can’t listen in on credit card data, passwords, etc. It protects data of your users.
- Google gives preferred ranking to HTTPS enabled sites
- HTTP/2 protocol support (if the server supports it). HTTP/2 protocol helps your pages load faster. I wrote about benefits of HTTP/2 protocol in the past.
To enable HTTP/2 protocol for your website, your hosting company needs to support it AND you need to have SSL installed on your site.
Security is top priority for Google. Google Chrome is experimenting with marking HTTP sites (without SSL certificate installed) as non-secure.
Currently Google uses it to show only if there is a problem with an SSL certificate, or it’s expired.
The goal of this proposal is to show that HTTP protocol provides no data security.
HTTPS adoption has increased dramatically over the last few years.
The chart below shows how the number of HTTPS enabled sites increased over the last 3 years:
This number will only continue to increase with the adoption of the new open source FREE SSL – Let’s Encrypt.
To migrate your website to HTTPS, you need to install SSL certificate on your hosting server and migrate your existing content to HTTPS.
If you have any questions about obtaining an SSL certificate or migrating your existing content to HTTPS, please let us know if we can help.