Last year, we wrote a post on how important it is to have your website HTTPS-protected. Well, we’re back to tell you that it’s more important now than ever before.
HTTPS is a vital component of the Internet’s security framework. It protects users, clients, and business owners from fraudsters and scam artists. Ultimately, it’s the foundation for a safe digital space.
Want to learn about HTTPS and whether your site has it? Want to know how to enable HTTPS? Then this post is for you.
What Is HTTPS?
HTTPS (HyperText Transfer Protocol Secure) is a security protocol designed to protect users navigating the Internet. That’s all you really need to know: It provides additional security measures to a website’s existing structure. But if you want a bit more detail, let’s start with some background info.
HTTPS is based on an earlier protocol called HTTP (HyperText Transfer Protocol). You’ve probably noticed it at the beginning of website URLs, for example:
Since the start of the World Wide Web, HTTP has been the basic foundation for how all data is transferred. Essentially, it’s the medium through which services, clients, and users communicate.
So, what’s HTTPS then? You can think of it like HTTP 2.0: It adds an additional layer of security by using a security protocol (previously SSL, now called TLS). This security protocol then encrypts user data, making it so that third parties cannot access it.
SSL, TLS—What’s the Difference?
SSL (Secure Sockets Layer) was the first major security protocol developed for HTTP. Since 1999, however, it’s been gradually replaced by TLS (Transport Layer Security): a more robust protocol that provides greater client-server security.
Today, SSL is almost entirely out of use on the Internet. It’s a relic. Nevertheless, many users will still refer to their security protocol as “SSL,” even when they mean “TLS.” In common parlance, you’ll often hear people talk about “SSL certificates” rather than “TLS certificates,” but there’s not much of a difference. They’re just using outdated terminology. Old habits die hard.
OK, Can You Stop Throwing Around So Many Acronyms and Tell Me Why HTTPS Matters?
You can see for yourself why HTTPS matters. Let’s compare two websites, one with HTTPS and one without (shown in Firefox).
Here’s a website that uses HTTPS:
Figure 1: Secured Site (HTTPS)
And here’s one that only uses HTTP, without the added security protocol:
Figure 2: Non-Secured Site (HTTP)
Back in the day, it was said that most websites didn’t need HTTPS—that it was only necessary for domains transferring sensitive information, like bank details, usernames, or passwords.
To be sure, if you run an online shop or an e-commerce site, you’re going to want HTTPS. It’s the only way to verify that your transactions are happening in a safe and secure online space.
But HTTPS is important for every website, not just web stores. Google now factors HTTPS protection into its online rankings, meaning you’ll have an easier time getting to the front page if your website uses HTTPS. Since 2018, a href="http://linknowmedia.us/google-chrome-informs-users-when-they-visit-insecure-sites-heres-why-its-more-important-than-ever-to-switch-to-https/" title="Google now even warns users when they’re about to navigate to a site without HTTPS" target="_blank"> Google now even warns users when they’re about to navigate to a site without HTTPS. Nowadays, if you don’t have an HTTPS domain, you’re losing clicks, you’re losing traffic—and you’re losing business.
Just look at the above examples: Does the non-secure website—with its slashed-out lock—indicate trust? Would you consider that a trustworthy, reputable domain? Hardly. What kind of message are you sending with that? Even if you’re not carrying any sensitive information, having HTTPS is a matter of branding and representation. You need it. You want it. You should have it.
Having HTTPS will:
How Do I Enable HTTPS on My Website?
To enable HTTPS, you need to obtain a security certificate from an established certificate authority (CA).
In order for the CA to process your request, you will need to do the following:
1. Create an RSA public-private key (with 2048-bit encryption)
2. Create a certificate signing request (CSR) with your public key
3. Send the CSR to the certificate authority
If all that sounds too complicated to do on your own, don’t worry—it is complicated. At LinkNow, we encourage our clients looking for HTTPS to ask us to process their requests. Our Account Executives are always ready to do the heavy lifting for you.
For Site Security, LinkNow Media Is Here to Help
LinkNow Media is a leader in the web development industry. With over 10,000 clients across North America, we’ve established ourselves as a trusted service provider committed to delivering low-cost, high-value solutions for small- and medium-sized businesses.
If you want to add security to your site with HTTPS, don’t hesitate to give us a shout. Leave us a comment below, email us at firstname.lastname@example.org, or call us at 1.888.667.7186.