When you open a web browser (e.g Chrome, Safari, Firefox) and to look at website, the browser is actually asking a webserver (a big computer) somewhere across the world, to send the pages of the website to your computer. This conversation between your computer and server is handled by thousands of other computers and devices.
Think of this analogy; when you post a letter, is it handled by post office workers, driven around the country in Post Office vans, stored in sacks and pass through machines. Postal letters are protected by envelopes, and websites also need a type of envelope to provide security.
So, when we access a website, unless we take steps to protect the information we are requesting from, or sending through the site, the requests are potentially unprotected from naughty hackers who might intercept it, read it, potentially change, use it or sell it.
If a website is handling sensitive information such as personal details or credit card numbers, you can immediately see why this is a potential problem. A solution was therefore devised to protect the data.
We therefore need to protect our website and make them secure by using ‘HTTPS’.
When you look at a protected site, the web address in the address bar, looks like this:
HTTPS, SSL and TLS are acronyms for a set of technologies which allows us to protect data sent across the internet. When you look at a web page using HTTPS, this tells your web browser to encrypt/protect any requests to the webserver with SSL/TLS (Don’t worry if you don’t know what those are).
If someone was to then obtain a copy of the information you send through a site, they wouldn’t be able to read it. This is like writing your letters in a secret code that only you and your correspondent understands, so that if someone else steals your letter, they can’t read it.
They also verify the identity of the computers you are sending your data to. This means that your information is sent where you want it to go and nowhere else.
Why SSL? The Purpose of using SSL Certificates – https://www.sslshopper.com/why-ssl-the-purpose-of-using-ssl-certificates.html
But I don’t handle credit cards, why is it important to me?
The benefits of having your website protected with SSL is clear when you are dealing with credit cards, or important personal information about your users, and in 2017 it is becoming increasing beneficial for other websites to move to using HTTPS.
Google and search rankings
In 2014, Google announced that they would start to consider if websites use HTTPS in how far up your site will appear in the results of a Google search. This is because they want to encourage websites to convert to using HTTPS to protect their customers. Although it isn’t major factor yet, we are now starting to see that web sites who use HTTPS are listed higher up in the results than websites that don’t. Not having your website available via HTTPS could mean you drop off the first page of search results which we know it makes it much harder to find your business online.
Google Security Blog – https://security.googleblog.com/2014/08/https-as-ranking-signal_6.html
Does a SSL certificate affect your SEO – http://neilpatel.com/blog/does-a-ssl-certificate-affect-your-seo-a-data-driven-answer/
The latest web browsers recommend it
The latest versions of both Chrome and Firefox, which most people use to browse the internet have started adding features to make their users safer.
If they think that your website may handle sensitive information, such as personal data, usernames or passwords, they will be checking to see if you are using HTTPS. If you aren’t they’ll make it clear to users that your website may not be safe to use.
Although this isn’t very strongly displayed in Chrome yet (Fig 1.), they will be making it increasingly prominent as time goes on, to the point where any website that doesn’t use HTTPS will see a message which will be concerning for users.
Seeing “Not Secure” (Fig 2.) at the top of your website will have a definite effect on your customers trust of your website.
Wikipedia Web Browser usage share – https://en.wikipedia.org/wiki/Usage_share_of_web_browsers
Moving towards a more secure web –https://security.googleblog.com/2016/09/moving-towards-more-secure-web.html
Every site should have an SSL and use HTTPS
The web is obviously moving into the direction of making HTTPS the preferred, if not the compulsory, way of requesting pages, and these are just few of the reasons why this trend will continue to be massive in 2017:
- Google has officially announced that HTTPS will be a factor for search results standings
- HTTP/2 has started to be implemented by the popular browsers but only when using HTTPS. This new version of HTTP allows for significant speed loading gains over the previous versions.
- Google Chrome browser will gradually start to indicate more obviously non-HTTPS websites as insecure.
- Matt Mullenweg, the founder of WordPress has announced that some of the new WordPress features released in 2017 will be available only for sites using HTTPS (go to 31:00 minute to hear it). This is part of the overall drive to encourage people to use HTTPS over HTTP.