Google just released the Chrome 68 update which will start marking all HTTP sites as NOT SECURE! If your site is not using HTTPS your visitors will be warned that your site is NOT SECURE starting today.
Contact us if you need help securing your site.
In fact, over 30,000 sites are hacked every single day. Hacking doesn't just cause you to lose revenue when your site goes offline, or force you to pay hefty ransoms to hackers to retrieve your data.
It can also completely destroy your brand's reputation, causing your customers to lose faith in your ability to keep their private, sensitive information safe.
If you don't already, now is the time to start taking online security seriously, whether you run an Ecommerce platform or a more standard company website.
Often, better security begins with understanding the all-important HTTPS certificate. In this post, we'll break down everything relating to HTTPS and SSL, including what they are, why they matter, and much more.
Before we do anything else, let's first get a clear definition of what HTTPS and the HTTPS certificate are. "HTTPS" stands for "HyperText Transfer Protocol with Secure Sockets Layer." HTTPS is not the same thing as "HTTP" (more on that difference in a minute).
While the name might sound complicated, the purpose is actually quite simple. In a nutshell, HTTPS is what protects you and your consumers' credit card information, passwords, and any other secure browsing data while they're on a website.
Often, HTTPS will be symbolized in the browser bar by the presence of small green padlock, sometimes with the word "Secure" next to it.
This means that, when you first access a site, your web browser swap cryptographic keys that don't allow anyone other than your specific browser and the server you're currently accessing to decrypt the information you enter into the site.
Think of it as though the server and your browser are speaking their own secret language, which only the two of them can understand. When you first visit a site that has an HTTPS certificate, your browser runs a quick security check to make sure that certification is legitimate.
It's kind of like asking to see someone's ID at a bar, and making sure that the picture on the ID is of the person standing in front of the bouncer. An HTTPS certificate ensures that no one is entering that bar with a fake ID.
Now that you have a better understanding of HTTPS, let's discuss how it differs from the far less secure "HTTP."
In the old days of the Internet, pretty much every website you visited had only HTTP "certification." This meant that when you were browsing the web and entering your payment information onto a website, it really didn't take much effort for hackers to gain access to it.
This is because HTTP sites don't have their SSL certification, which means that none of your data is encrypted. (To follow our above example, everyone is speaking the same language, and everyone is listening to the private conversations around them and taking notes.)
Over time, as hacking methods become more complicated and the overall rate of hacking increased dramatically, it became clear that the web needed to change. Enter HTTPS certification.
No one enjoys the feeling of being watched, and sometimes the re-marketing campaigns or ads that you see in your browser are just plain creepy.
While all Internet providers can still sell your history and data on the Internet to advertisers, HTTPS makes the process much more difficult. It also limits the amount of data they can see.
Finally, if you're using HTTP, the website you're visiting can be changed by your service provider at any time. This means they can make certain ads pop up, limit the information you're able to see on a specific website - you name it, they can do it.
But not with an HTTPS certificate, which stops this kind of tampering from network hosts.
The actual algorithm is pretty complex, so we'll try to break it down in much simpler terms.
In its simplest form, that's what an HTTPS certificate is all about - two servers exchanging keys. Only instead of unlocking a front door, it locks and unlocks data.
After that, a secure connection is established, and you can safely enter your information and browse to your heart's content. In order to have access to HTTPS, you'll need to work with a server that offers SSL encryption - meaning that is offers "mod_SSL."
You'll also need your own IP address so that the server providing you with an HTTPS certificate are able to verify that your site is secure and that you're the one actually running it.
Of course, the main one is that it offers increased security a promotes a sense of trust and safety between consumer and buyer. However, there are lots of other reasons why so many people are switching their sites over to HTTPS and gaining an HTTPS certificate.
For one, it's the wave of the future. These days, the majority of HTTP sites have switched over to HTTPS sites (don't worry, we'll cover how to do just that a bit later on in this guide.)
Additionally, because of the popularity of HTTPS sites, consumers have the option of navigating away from HTTP sites and buying what they need from a secure competitor.
There's just no reason why a consumer should or would put their data at risk when a better buying option is available.
Also, if your site isn't secure, customers are sometimes actively discouraged from visiting it. They may get a message in their browsers saying that the site isn't secure and asking them if they really want to visit it.
The fact that a site is insecure may even pop up in the address bar, encouraging customers to leave. That's certainly not going to help you to grow your business.
SSL is what actually makes your website secure, because it's what creates the encrypted link in the first place. If you want to create an HTTPS certificate, you'll first need to ensure that you actually have SSL certification.
Always take this seriously - if your certificate has expired, the server will let the person trying to access your website know.
It's quite simple. In your address bar, your URL will need to read "https://www.mysite.com" and not "http://www.mysite.com". That one little "s" makes all the difference.
As with an HTTPS certificate, the actual process of it all is fairly complicated, and you'll never really have cause to need to understand everything that goes into the certification process and the overall algorithm.
Your Public Key is immediately placed in what's called your site's Certificate Signing Request (CSR.) This is just another collection of data containing information about your website and its security.
Next, that certificate will be linked up with your website's Private Key, which is what lets your server create encryption and protect the data of those who access your site.
In this final section of our guide, we'll tell you how to change your website from HTTP to HTTPS to increase the security of your website.
Unless you have a serious comfort level with updating your website and making changes to its backend, you'll want to leave this part to the experts. When it comes to your website's security, it's just not worth taking a risk.
Thanks to this guide, you're now an expert on the HTTPS certificate. You understand what it is, why it's so important, and how it differs from the far less secure HTTP versions of websites.
But now that you know all of this, you've likely started to think about the overall security of your site, and the other factors that influence where you fall in the search engine rankings.
Online security, along with digital marketing in general, are both constantly evolving. The security measures and marketing strategies that you used even a week ago may be completely irrelevant in a few days.
So, what can you do to ensure that you're always on top of the latest developments when it comes to security and your site's overall effectiveness?
That's where we can help. Contact us to learn how we can get your website properly secured with HTTPS.
We have over ten years of experience working in the digital marketing world. We have offices in Chicago and Northwest Indiana, and serve clients across the United States.
Spend some time on our website to learn more about how we can take your company's website to the next level. Together, we'll work to increase your conversions, create better campaigns, and strengthen the security of your site.
We can't wait to make this year your most productive one ever. Get in touch with us to get the ball rolling.