Why You Need A Secure Website

In the past, using an SSL Certificate as part of your website’s hosting configuration was something only for ecommerce sites or those managing extremely sensitive information. However, it is now considered the best practice for all websites. There is still a lot of confusion on what this means and why you need to pay attention to this easily overlooked detail. Blue Tangerine recommends that all websites now use SSL, and we are working with our clients to upgrade any sites that still do not incorporate SSL into their hosting.

What is SSL?

SSL stands for Secure Sockets Layer. It is the technology that is used to encrypt the transmission of data between the web browser on your local computer or mobile device and the server that is hosting the website. When data travels across the Internet without an SSL connection, it is in a clear text format that someone else could possibly intercept and read. Using SSL protects your data from being read by someone else

secure website

The data that typically comes to mind is information that is submitted via a form on a website. This data includes information found on a checkout form, a contact form, a newsletter subscription form or a login form. However, SSL also protects the data coming from the server back to your web browser, which ultimately includes any information that the site might display.

The certificate is the file that is purchased from an SSL vendor and installed on the web server as part of the hosting configuration. SSL Certificates are typically purchased on a subscription basis for a period of 1 to 3 years and require a renewal when that subscription ends.

How can I tell if a site is using SSL?

browser-security-example
At the simplest level, if a web page is using SSL then the URL that is in the web browser’s address bar starts with httpS, rather than just http. However, every web page is made up of numerous different files such as scripts, stylesheets, images and even other web pages. Each of these files has its own URL, which may or may not also use SSL. For complete encryption, all of these page elements—not just the parent page—need to use an https URL as well.

To help better inform users, web browsers provide more accessible information by clicking near the URL in the browser’s address bar. The browser will deliver warnings if there are any of the sub-elements of the page that are not using SSL. Most modern browsers now display a lock symbol near the address if the page and all of its components are properly secured.

Why is there such an emphasis on doing this now?

In 2014 Google started pushing for all sites to use SSL as a way to try and elevate overall data security online. Google also gives preference to secured sites in their ranking algorithm, which means that adding SSL to your site will help improve search engine rankings. (see https://security.googleblog.com/2014/08/https-as-ranking-signal_6.html).

While the SEO benefit encouraged sites who were already using SSL, such as ecommerce retailers, to fully encrypt their sites, many other sites are slower to adopt SSL because it required the site to upgrade to a hosting plan that offered a dedicated IP address. Due to the limited supply of IP Addresses, these plans were more expensive.

Treatment of HTTP Pages

Two relatively recent events have made these migrations and upgrades easier and more attractive. First, the server technology that allows SSL Certificates for different sites to operate in shared IP Address hosting environments has matured and has now become mainstream. This significantly reduces the hosting requirements for sites to use SSL since a dedicated IP Address for each website is no longer required.

Second, beginning in October 2017, Google started showing a more prominent “Not Secure” warning in the Chrome browser when users start entering data on site pages that contain forms. Because the typical user doesn’t really understand what this warning is referencing, this has the risk of reducing the user’s trust in the site and potentially reducing conversion rates. And, in July 2018, Google plans to show the “Not Secure” warning in the Chrome browser for ALL non-secure pages.

Image source: Google Security Blog

Does SSL prevent my website from being hacked?

While SSL does perform an important role in protecting the data used on your website, by itself SSL does not provide complete security for your site’s code. There are many different avenues and attacks that hackers use to try and compromise a website and access its data. A secure hosting environment is a combination of web server and firewall configurations, as well as secure coding practices that go far beyond just having an SSL certificate installed.

My site needs SSL, so what is involved in updating my site? 

To migrate a site properly to SSL requires a few more steps than just installing the SSL certificate and starting to use https with your site links. A comprehensive migration project will include the following tasks:

  • Purchase the SSL certificate software
  • Configure the web server with the SSL certificate software
  • Review and convert all scripts, included files, images and links to use secure references within the website’s code
  • Review all database and CMS accessible content to ensure that there are no hardcoded links or images using non-secure link protocols and update the content as needed
  • Create search engine friendly (301) URL redirects to force all old site page URLs to https from any existing external links (Google considers the http and https versions of your site to be two different sites, and because their content is identical, if you miss this step then you open your site up for duplicate content penalties and a negative impact on your search engine rankings)
  • Reconfigure Google Search Console and Bing Webmaster Tools to use the new https site version
  • Generate a new XML sitemap and upload to the site
  • Submit the updated XML sitemap to Google and Bing

Updating your website to a fully 100% SSL hosting configuration is an important task to accomplish as soon as you can. Your site’s users and your search engine rankings will thank you. For assistance in making your migration, contact us at Blue Tangerine today.

Greg Bray
GREG BRAY, PRESIDENT & CO-OWNERAn expert in technology strategy, website design and development, server management and hosting, and search engine and digital marketing, Greg uses his 20+ years of experience in the home building industry to bridge the gap between business and technology for clients, helping them reach their business goals.

FOLLOW US

instagram brand logo in color
facebook icon in color