Call Website Security! This Site Won’t Encrypt My Data…
If you can’t trust a website, who can you trust? That’s a question Google has been asking for a couple years now, ever since they announced they’ll be taking a more hard-line stance in penalizing sites that are served over the non-secure HyperText Transfer Protocol, or as you may be more familiar with it, HTTP… You know, like the way website addresses appear in your browser, followed by the colon backslash backslash.
Go to any bank or e-commerce website today and you’ll very likely see a subtle change that hasn’t affected your browsing experience in the slightest but has made your data infinitely more secure. Addresses of these “safe websites” begin with HTTPS because their content is being served over a secure connection.
Believe it or not, that’s what the “S” in HTTPS actually stands for, secure.
Sometimes these secure websites may ask you to enter sensitive information, like your social security or credit card number, but that’s not always the case. My website is a perfect example of this, I’ll never ask you for any sensitive information, yet you’ll still notice a large green padlock icon appears to the left of the address bar.
That’s because our connection is truly secure.
What I’m trying to say is — in today’s world website security is an important topic for every website, not just corporations or financial institutions.
Here’s a more technical definition if you’re interested; HTTPS consists of communication over the HyperText Transfer Protocol (HTTP) within a connection encrypted by Transport Layer Security (TLS) or its predecessor, Secure Sockets Layer (SSL). The main motivation for HTTPS is authentication of the visited website and protection of the privacy and integrity of the exchanged data.
And for an even lengthier technical description of the HTTPS protocol you can click here.
In plain English — HTTPS connections encrypt the users data so that hackers can’t snoop out their private information. This type of verification also lets a user know they’re on an authentic website, and not a doppelgänger set up by some random third party who’s really just trying to scam you. Google is leading the charge on website security, going as far as to mark traditional HTTP website connections as “unsafe” in Chrome, complete with a red “X” over the padlock this time.
The HTTPS movement has made its way into Google’s new Webmaster Guidelines for this year, which is a big hint, hint that organic search rankings will soon be affected by a website’s secure connection status. You can easily test your own website security in Chrome by entering the address and checking for the color of your padlock. Other browsers are quickly catching up and using their own security markers as well.
You may notice some sites have a yellow warning icon next to the padlock which indicates a portion of the page is being served securely while others are not. If your website has the yellow warning icon there’s a handy tool you can use called why no padlock which will help you quickly identify any items on your website that are not being served securely so that you can begin fixing them.
I’ve recently upgraded my website security and transitioned my portfolio from HTTP to HTTPS. It’s best practice and in your best interest to go ahead and do the same for your website as soon as possible too. Even if you don’t store sensitive user data on your servers, you’ll be positioning yourself for higher rankings in organic search results. You’ll also halt the public Google-shaming from that tacky looking big red X which causes some users to second-guess ever visiting your insecure website again.
Bottom line, no one likes insecure website connections, especially Google. If you’re unsure about the current status of your website security, or if you need some help turning your padlock green, give me a call.
I’m a freelance WordPress developer who recently completed his 350th project on Codeable, all in the last six months. I’m one of the highest-rated and most active expert WordPress developers on their platform, and I’m available to help answer your website security questions. Get in touch with me today and let’s get started.