HTTPS, SSL, TLS & why you need it
From January 2017, new layers of security known as HTTPS and SSL/TLS were introduced by Google Chrome which means browsers will see a security warning message on all sites accessed by the browser which do not have these layers incorporated.
As one of the UK’s leading WordPress website design agencies, we got this covered a while ago, but for those who aren’t so web savvy, let’s have a quick look at what it means (you might want to grab a coffee for this one, as we’re about to get geeky).
What’s it all about?
Starting with HTTPS – we are all familiar with HTTP coming up on address bars when we use a web address. It stands for ‘Hypertext Transfer Protocol’ and is the way that we ‘talk’ on the worldwide web. HTTPS – note the extra S at the end, stands for ‘Hypertext Transfer Protocol SECURE’. Regular users of sites such as Amazon will recall that it already appears and what it actually does is prevents snoopers from seeing information that visitors to your site send to you (or receive from you) by encrypting it so that only the server can decode it.
What about SSL/TLS?
Turning now to SSL/TLS – those initialisms stand for Secure Sockets Layer and Transport Layer Security.
SSL has been around for a while and now the latest upgrade is known as TLS. They are both effectively stamps of approval that a website is secure and are officially referred to as certificates. If you go to a website that has no padlock on the address bar and change http:// to https:// the site will still load BUT without SSL/TLS a warning will be displayed by Google Chrome that even though you have requested information on a secure connection, the data is not being sent by that method and that the site may not be totally secure – many will heed the warning and move elsewhere!
So, what does this mean in real terms? – It means you must provide information about yourself as the domain/website owner and the website itself. Once a certificate is issued it is installed on the server and provides these security benefits:
- Identity authentication – the browser determines whether a web server is the right server and not an imposter
- Privacy – information between the browser and web server is kept private by using encryption
- Data integrity – messages between the browser and web server cannot be altered by others (for example during a ‘man-in-the-middle’ attack).
Once you obtain the right certificates your address bar will always show a padlock and always say https:// before your hostname.
Google is leading the way on this initiative and even if you don’t use Chrome or don’t think many people use it to access your website, you can’t afford for anyone to be suspicious about the authenticity of your website.
Google has issued an announcement that it plans to label ALL sites that only use http as non-secure as a step towards making the worldwide web a safer place.
And Google is just be the tip of the iceberg – others are quickly following.
Here at Cloud 9 we can make sure your website has an SSL, and – and it’s not an expensive exercise.
Give us a call and stay one step ahead of your competitors!