At Barrel, most of our clients have websites that are already using HTTPS/SSL since we began integrating with Cloudflare in early 2016. Here are some reasons why your website should be SSL-protected in 2017 and beyond.
Sites without HTTPS send all of the data between the user and the website in “clear text” when sending. This means that nothing is encrypted, so a clever hacker can casually intercept data without having to decrypt the information. HTTPS enforces a security handshake between the browser and the server to verify that the certificate is valid and matches the expected signatures on the server. Many browsers like Chrome and Firefox already attempt to block the page when HTTPS is used improperly. Make it hard for data thieves.
In late 2016, Google announced that users of Google Chrome will begin to see warnings when a site that sends and/or receives form data (passwords or credit cards) does not have HTTPS. Users are more apt to complain, if they are warned of a potential risk with a website.
Google announced in mid-2014 that it would begin to use HTTPS as a ranking signal. This means that sites that have HTTPS enabled will be ranked higher than sites that do not. Take advantage of the bump while it’s available. When HTTPS is standard across the internet, this will likely be removed from Google’s algorithm.
Early in 2016, a beta project called Let’s Encrypt announced to the world that they would provide an authority that would grant free SSL certificates to the world. They did, and now acquiring a free SSL certificate for your server is relatively easy.
Prior to mainstream usage, in order to get a Free LetsEncrypt certificate, developers or system administrators would need to undergo a lengthy process to validate and provision the certificates. It took the better part of a year after it was announced that LetsEncrypt would provide free SSL certificates, but most web hosts began offering direct ways to offer clients a free certificate. Siteground, DreamHost, WPEngine, and now Pantheon, et al, each have direct LetsEncrypt integrations to add, renew, and deploy free certs. Get one while supplies last.
There’s a new web spec in town, and it’s name is HTTP/2. It’s an upgrade over the original 1990s era of web server specifications for the HyperText Transfer Protocol. One key difference is that TLS is now required, so you kind of have to have an SSL certificate. What’s changed? The new server spec allows for getting more files from a server at once rather than waiting for files in the order in which they are requested. While the traditional implementation might have added some overhead, then new one speeds things up a bit. You do need a server that implements HTTP/2, but most servers are moving to this new specification anyway. In any case, the end result is a much faster load time.
Does your website scare users with the “not secure” warning? Do your users complain that the page looks broken because of alerts about invalid certificates? Could your website benefit from a potential speed boost? Would you like a modest SEO ranking bump over your competitors still using the old standard?
If your site does not have HTTPS today, we highly recommend making the change as soon as possible to benefit from all of the above.
We help our clients launch and maintain robust websites and help to take care of performance and security issues. Learn more about Barrel and the work we do.