Hackers exploit unprotected websites by tricking users into giving up sensitive information or installing malware. Some third parties may even inject advertisements into websites that can potentially break user experience and create security vulnerabilities.
Intruders exploit unprotected resources which travel between your website and your users' images, cookies, scripts, HTML etc. Intrusions can occur at any point in the network, including a user's device, a Wifi hotspot, or a compromised ISP - just to name a few!
HTTPS stands for Hyper Text Transfer Protocol Secure - this is the secure version of HTTP, the protocol used when data is transferred between your browser and the server that hosts the website you are visiting. As the name says, in the case of HTTPS all the communication between your browser and the website you are visiting is encrypted.
This means that all data exchanged, like personal data you are filling into a webform, credit card related data, the information you are getting when opening up your Member only webpage, and so on is encrypted at one end (the browser or the server), sent across the Internet and decrypted at the other end, thus making it unusable for a potential attacker that might intercept it.
Users prefer HTTPS websites.
Various search engines have recently also started favoring HTTPS enabled websites when displaying websearch results. In general HTTPS enabled websites are regarded as more trustworthy for visitors.
HTTPS is especially important if your website accepts credit cards or has a login functionality. With so many hacking
incidents making headlines, users need to know your brand is making an effort to protect them from their private information being stolen or
Google Chrome is displaying ‘warning messages’ on HTTP websites that require a password and other form fields. This can be concerning for your customers and potentially compromise a sign-up, a contact or even a sale.
In order to enable the secure HTTPS connection, an SSL certificate is used. This certificate is purchased from a Certificate Authority by the server's administrator and is sent over the web browser of the visitor in order to initiate the so called "SSL handshake". The handshake is basically the initial exchange between the web server and the browser in which the SSL certificate that contains the public encryption key is downloaded by the browser. After the certificate is downloaded from the webserver, the encrypted communication can begin.
Be aware and prepare.
HTTPS is the future, and eventually, if your website does not contain this additional layer of security, your ranking may get affected.
In October 2017, Google changed the message ‘NOT SECURE” to website listings without HTTPS. This will not affect your PageRank (as at the time of this article) but may deter users from visiting your website.
Google doesn't appear to be downgrading websites without HTTPS at this stage, but it is definately preferring websites with HTTPS, and therefore giving them preferential rankings.
The main benefit of this additional website security is ‘peace of mind’ for your customers, therefore less potential for abandoned sales/membership/contacts, plus potentially a better Search Engine Ranking with Google in the future.
So with all this in mind, we highly recommend adding an SSL Certificate to your website in order for it to be listed as HTTPS. If you need help or would like to discuss further please contact us to see how we can help?