Exploring HTTPS Security for all Websites
The trend is towards having a secure connection to a website. Google is starting to take this into consideration in their search results. If you don’t sell anything, how important and desirable is it, and how do we install it?
If you have a simple form, such as a newsletter signup form, the data is sent unencrypted over plain HTTP, and the user’s email address could be intercepted in transit.
With HTTPS, information is secured via the Transport Layer Security (TLS) protocol, which provides three key layers of protection:
- Encryption – safe from eavesdroppers
- Data Integrity – data can’t be changed in transit without detection
- Authentication – proof the site is the ‘real’ one, not a spoof
- Get a certificate from a reliable CA that offers support.
- 3 types of certificates:
  - Single certificate (www.example.com).
  - Multi-domain certificate (www.example.com, cdn.example.com, example.co.uk).
  - Wildcard certificate for subdomains (a.example.com, b.example.com).
Once it’s set up, the site needs to be redirected from http:// to https://
Use relative URLs for resources under the same domain name.
Does the web server support Server Name Indication (SNI)? While SNI is supported by all modern browsers, you’ll need a dedicated IP address if you need to support older browsers. A dedicated IP address will need to be set up with the host, usually at an increased hosting cost.
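A way to find the hard-coded http:// references that the relative-URL step is meant to remove, including a form that would still submit data unencrypted. This is an added example, not code from the original post; the function names and the sample page are constructed for illustration.

```python
from html.parser import HTMLParser
from urllib.parse import urlsplit

URL_ATTRS = {"src", "href", "action"}  # attributes that fetch, link or submit
KINDS = {"a": "link", "form": "form"}  # other tags are treated as page resources

class InsecureRefFinder(HTMLParser):
    """Collect hard-coded http:// references in a page that is moving to HTTPS."""

    def __init__(self, site_host):
        super().__init__()
        self.site_host = site_host.lower()
        self.findings = []

    def handle_starttag(self, tag, attrs):
        for name, value in attrs:
            if name not in URL_ATTRS or not value:
                continue
            url = value.strip()
            parts = urlsplit(url)
            if parts.scheme.lower() != "http":
                continue  # relative, https:// and //host URLs are already fine
            if (parts.hostname or "").lower() == self.site_host:
                # Same site: a relative URL follows whatever scheme the page uses.
                fix = (parts.path or "/") + ("?" + parts.query if parts.query else "")
            else:
                # Other host: must be fetched over HTTPS, so it needs its own cert.
                fix = "https:" + url[5:]
            self.findings.append({"line": self.getpos()[0], "tag": tag, "url": url,
                                  "kind": KINDS.get(tag, "resource"), "fix": fix})

def find_insecure_refs(html, site_host):
    finder = InsecureRefFinder(site_host)
    finder.feed(html)
    finder.close()
    return finder.findings

# Constructed sample page for www.example.com (not from the original post).
SAMPLE = """<html><body>
<img src="http://www.example.com/img/logo.png">
<script src="http://cdn.example.com/app.js"></script>
<a href="/about">About</a>
<form action="http://www.example.com/subscribe?list=news" method="post"></form>
<link rel="stylesheet" href="https://cdn.example.com/site.css">
</body></html>"""

if __name__ == "__main__":
    for f in find_insecure_refs(SAMPLE, "www.example.com"):
        print(f"line {f['line']}: <{f['tag']}> {f['kind']}: {f['url']} -> {f['fix']}")
```

Findings of kind "resource" are what browsers block or warn about as mixed content once the page is served over HTTPS; "form" findings are the signup-form case where submitted data would still travel in the clear.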
Google Ranking
“…we’ve been running tests taking into account whether sites use secure, encrypted connections as a signal in our search ranking algorithms. We’ve seen positive results, so we’re starting to use HTTPS as a ranking signal. For now it’s only a very lightweight signal — affecting fewer than 1% of global queries, and carrying less weight than other signals such as high-quality content — while we give webmasters time to switch to HTTPS. But over time, we may decide to strengthen it, because we’d like to encourage all website owners to switch from HTTP to HTTPS to keep everyone safe on the web.”
WordFence Post regarding free SSL
Launching in 2015: A Certificate Authority to Encrypt the Entire Web