From October 2017, all major browsers will display a “Not secure” warning if it includes a contact form and does not have an SSL Certificate.
How do I know if I need a security certificate?
Ensuring security for your visitors when taking payment details has always been important, with major browsers showing warnings to users when they attempt to pay on a non-secure website. HOWEVER, this recent shift in internet security means that if you handle the transfer of ANY data this will need to be done so in a secure way.
With most sites on the web having some kind of facility to input data, a substantial amount of sites will be affected.
If you’re not sure if your site is secure you can test it here –
https://www.ssllabs.com/ssltest/
How Miro can help?
Every website should now be HTTPS
“HTTPS protects much more than form data, it keeps the URLs, headers, and contents of all transferred pages confidential, and prevents any info from being intercepted by potential hackers.”
The secure version of HTTP, HyperText Transfer Protocol Secure (HTTPS) is the protocol used for data which is sent between the browser and your website. The ‘S’ at the end of HTTPS stands for ‘Secure’ and means that all communications between your browser and the website are encrypted. Initially, HTTPS was used to protect highly confidential online transactions like online banking and online shopping order forms. However, the recent shift in internet security means that every website should now be HTTPS.
HTTPS protects much more than form data, it keeps the URLs, headers, and contents of all transferred pages confidential, and prevents any info from being intercepted by potential hackers.
The Benefits
Utilising an encrypted HTTPS connection brings with it many benefits both to visitors and your positioning within the search rankings. These benefits include:
Priority in the search rankings – Google has now updated its ranking algorithm and now looks at whether you are keeping your visitors’ interactions secure and prioritises its results based on whether or not your site uses the encrypted HTTPS connection
HTTPS provides your customers with peace of mind that you are handling their data securely and that it is being protected
Addresses and payment details entered on your site will be encrypted and cannot be intercepted
Visitors to your website will be able to quickly verify that you are a registered business and that you own the domain
Customers are more likely to trust and complete purchases from sites that use HTTP
HTTPS sites are faster, helping keep your visitors engaged
Browsers mark your site as being secure and don’t warn users against submitting personal information
Internet Security – How It Works
When a visitor browses your website, data is passed back and forth between their browser and the website server. On a standard HTTP connection, this data is sent in plain text which means that if a malicious third party were to intercept these communications they would be able to read what is being sent.
“Using a standard HTTP connection can leave you vulnerable to hackers, who could steal visitor data and use it.”
If a visitor to your website was purchasing an item from your ecommerce store, then this data would contain their contact details, address, and in some cases, their credit card information. Using a standard HTTP connection can leave you vulnerable to hackers, who could steal visitor data and use it. Not good for you or your customers.
To prevent this from happening, a website must ensure all requests are made over a secure HTTPS connection. This is done by installing an SSL Certificate onto the web server where your website resides and making some changes to the website setup to make sure it uses URLs with ‘https://’ instead of the less secure ‘http://’.
Once an SSL certificate has been installed onto the web server and the website has been set up to use it, any data passed back and forth by the server and the browser will be encrypted and will not be able to be read by anyone else.
Data encryption is accomplished by using what is known as an ‘asymmetric’ Public Key Infrastructure (PKI) system. It uses two ‘keys’ to encrypt communications, a ‘public’ key and a ‘private’ key. Anything encrypted with the public key can only be decrypted by the private key and vice-versa. The private key remains securely on the web server whilst the public key is distributed to anybody who needs to be able to decrypt information that was encrypted with the private key.
When a visitor requests a page on your site over a HTTPS connection, the website will initially send its SSL certificate to their browser. This certificate contains the public key required to start a secure web session. Based on this initial exchange, the browser and the website then initiate the ‘SSL handshake’, which establishes a uniquely secure connection between the visitor’s browser and the website.
How Miro Can Help
We can provide an upgrade to your current website hosting package that will install an SSL certificate onto your site. We will also carry out the necessary configuration changes to make sure your site uses the new HTTPS connection correctly.
Our SSL security upgrade would provide a Domain Validated SSL certificate from Comodo Internet Security. This is a trusted certificate that is automatically renewed every 90 days, uses 2048 bit encryption and 99.9% browser recognition. Once installed web browsers will display the padlock icon next to the web address of your site in their address bar and visitors will automatically know that your site is secure.
With the certificate in place, we will carry out website configuration changes to use the new HTTPS connection, along with adding the required redirections to ensure that all traffic using the old HTTP URLs are taken to the new secure ones. We shall also carry out a web page check to ensure they no longer contain non-secure elements and will run through a testing process to confirm all existing functionality is present and correct.
Prices start from £320* + VAT
* Price can vary depending on a particular website’s configuration and use of additional third party plugins or applications.
Read more
https://webmasters.googleblog.com/2014/08/https-as-ranking-signal.html?m=1
https://doesmysiteneedhttps.com/
https://www.troyhunt.com/https-adoption-has-reached-the-tipping-point/
https://www.ssllabs.com/ssltest/
https://www.troyhunt.com/life-is-about-to-get-harder-for-websites-without-https/
