Website Security – Why You Should Be Using HTTPS

If your website doesn’t use an HTTPS connection, visitors may be greeted by a warning that your website is “NOT SECURE”. That’s probably not the best message to be sending to your customers! Learn how you can prevent this issue or fix it if you’ve already become a victim.

P.S. Don’t get scared off by the term “HTTPS”. We have tried to keep this article as non-technical as possible.

The Need for a More Secure Internet

There are more than a billion websites on the world wide web today, and we share so much of our personal information with these sites – credit cards when making a purchase, social security numbers when filling out applications, names, birth dates, home addresses, and more! This has made the internet a prime target for criminals. The recent Equifax data breach, which exposed the personal information of nearly 150 million people, is a striking example. And any website, no matter how large or small, can become a victim. Because Chrome is one of the most popular web browsers in use today, Google decided to take steps towards ensuring a safer internet browsing experience for everyone. But it requires a little bit of work on the part of you – the website owner.

Protecting Credit Cards, Passwords, and Private Information with HTTPS

In September 2016, Google announced that it would start flagging websites in Chrome that don’t do enough to protect users’ data. If you are using an HTTP connection on your website instead of HTTPS (we will explain what that is in the next section) and have a web page where visitors type in a password or credit card information, then Chrome will display a warning that the website is “NOT SECURE”. Although the initial announcement only referred to payment information and passwords, a later April 2017 announcement extended this warning to a broader set of cases (including all websites that collect information through contact forms, which is very common). Google also stated that “eventually, we plan to show the ‘Not secure’ warning for all HTTP pages”. So even if this doesn’t apply to you right now, it will very soon. Firefox has also joined the party.

What Is HTTPS Anyways?

We won’t go into the technical details, but HTTPS is a more secure (encrypted) way for people to use your website than HTTP.

How do you know if your website or a website that you’re visiting uses HTTPS? Look at the address bar at the top of the page. See how the address for this page reads: https://www.zakandzu.com

The “https” at the beginning means that the Zak & Zu Marketing website is using a secure HTTPS connection. If instead the beginning of the address had read “http” (without the “s”) or nothing at all (such as www.zakandzu.com or just zakandzu.com), this would mean that the website is using a non-secure connection (don’t worry, we’re using the secure one).

What’s so good about HTTPS? It makes it more difficult for hackers to steal the information that you share online. For example, say that you submitted your name, email address, and other information to us through a contact form on our site. The HTTPS connection will jumble your information so that if a hacker tries to read it, it will look like gibberish. If we weren’t using HTTPS, the hacker would readily be able to see all of your information. This is especially dangerous when it comes to passwords, credit cards, and other sensitive information, which is why Google is using these security warnings to prompt action by website owners.

How Do I Secure My Website?

This is where things get a bit technical, and you may want to get help from the person who created or manages your website (or contact us). It can be especially complex for old websites and large websites that have many pages.

In a nutshell, you need to enable TLS (transport layer security) or SSL (secure sockets layer) protocols on your website. This is commonly referred to as getting an “SSL/TLS certificate”. A lot of web hosting companies make this pretty easy nowadays, requiring just a few clicks. Here are some helpful resources to guide you in case your website was built with Weebly, Wix, or Squarespace. If you have a WordPress website or any other custom setup, contact us for help.

The cost of HTTPS security varies greatly: from as low as eight dollars to several hundred per year. It depends on your website setup and how much security you need and want. We recommend SSL/TLS certificates from Namecheap (disclosure: affiliate link). Namecheap is what we use at Zak & Zu Marketing, because they provide great usability and value. Keep in mind that you will have to renew your SSL/TLS service every year. An expired certificate will result in a ‘NOT SECURE’ warning too, so set a reminder on your calendar a few days before the expiration date.

NOTE: Google Chrome does not accept “self signed” SSL/TLS certificates. Your certificate must be verified by a third-party certificate authority, otherwise you will receive a warning like this from Search Console:

[Image: self-signed SSL/TLS certificate warning in Google Search Console]

Oftentimes, your website will still be browsable over the non-secure HTTP connection (if someone specifically types in http://www.youwebsite.com), and you may need to manually redirect visitors to the new HTTPS version. Some web hosts will do the redirecting for you automatically, but be aware of this caveat and check to see whether your hosting provider does this or not. If you are on WordPress, there are some helpful plugins available to make the process go smoothly — such as Really Simple SSL. Make sure that your sitemap and any resources that you reference also utilize HTTPS.
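For whoever manages the site, here is one way to automate the three checks described above: certificate expiry, a certificate issued by a trusted authority, and the HTTP-to-HTTPS redirect. This is an added example, not code from Zak & Zu Marketing; the function names, the 14-day warning window and the example.com values are assumptions made for illustration.

```python
import http.client
import socket
import ssl
from datetime import datetime, timezone
from urllib.parse import urlsplit

WARN_DAYS = 14  # assumption: how far ahead of expiry to start warning

def days_until_expiry(not_after, now=None):
    """Whole days left, given the 'notAfter' string from ssl.getpeercert()."""
    expires = datetime.fromtimestamp(ssl.cert_time_to_seconds(not_after), tz=timezone.utc)
    return (expires - (now or datetime.now(timezone.utc))).days

def expiry_verdict(days):
    return "expired" if days < 0 else "renew-soon" if days <= WARN_DAYS else "ok"

def _bare(host):
    host = (host or "").lower()
    return host[4:] if host.startswith("www.") else host

def redirect_verdict(status, location, host):
    """Classify the answer a server gives to a plain http:// request."""
    if status not in (301, 302, 307, 308):
        return "no-redirect"              # site is still served over HTTP
    target = urlsplit(location or "")
    if target.scheme != "https":
        return "redirect-not-https"
    if _bare(target.hostname) != _bare(host):
        return "redirect-other-host"      # lands somewhere else; review by hand
    return "ok" if status in (301, 308) else "ok-temporary"

def fetch_not_after(host, timeout=5):
    # The default context verifies the chain against trusted CAs and checks the
    # hostname, so a self-signed certificate raises ssl.SSLCertVerificationError.
    ctx = ssl.create_default_context()
    with socket.create_connection((host, 443), timeout=timeout) as sock:
        with ctx.wrap_socket(sock, server_hostname=host) as tls:
            return tls.getpeercert()["notAfter"]

def fetch_http_answer(host, timeout=5):
    conn = http.client.HTTPConnection(host, 80, timeout=timeout)
    try:
        conn.request("HEAD", "/")
        resp = conn.getresponse()
        return resp.status, resp.getheader("Location")
    finally:
        conn.close()

if __name__ == "__main__":  # constructed sample values; no network needed
    print(expiry_verdict(days_until_expiry("Mar 15 12:00:00 2030 GMT")))
    print(redirect_verdict(301, "https://www.example.com/", "example.com"))
```

Against a live site, pass the results of `fetch_not_after(host)` and `fetch_http_answer(host)` into the two verdict functions and run the script on a schedule instead of relying on a calendar reminder.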

Lastly, if you use Google Search Console and/or Bing Webmaster Tools to manage your website, you will want to submit the HTTPS version of your website for indexing. In 2014, Google announced that they take the presence of HTTPS on your website as a positive factor for increasing your search engine results rank.

There you have it. Now you can be on your way to creating a safer internet for your website visitors and customers. This public service announcement was brought to you by Zak & Zu Marketing. We are a Bay Area digital marketing agency that works with businesses, entrepreneurs, and nonprofits worldwide. Get in touch with us if you want to chat about anything related to marketing or the internet.