Why every website should be using a secure connection

More than ever before business and personal data travels the Internet. But how secure is this transit of sensitive information? Information sent over HTTP is sent in plain text; that anyone can read...

This blog post intentionally does not dive deep into the technical aspects of network protocols.Instead, its intention is to answer some common questions about HTTPS. If you are looking for more advanced technical advice, please feel free to get in touch or leave a comment below.

Should your website use a secure connection?


If you care about your website and its visitors, then it’s a challenge to list good reasons against using a secure connection. If a website handles sensitive information, then it should take extra care about security.

Examples of when sensitive information is handled by a website include:

  • e-commerce / transactional websites.
  • Websites that collect information with a contact form.
  • Websites that can be logged into, with a password by users or administrators.


How to secure the information that travels between a user and a website?


The most common method is to encrypt the data using HTTPS (TLS / SSL). TLS / SSL is a protocol used for sending encrypted data over the Internet and for validating a website’s identity.

Imagine HTTPS as an impenetrable tunnel, at each end is a key holder. Data is locked inside a capsule and sent down the tunnel, from one key holder to another.

A browser will also let a user know if a site is using a secure connection by displaying a padlock in the address bar.


So what are the benefits of using a secure connection through HTTPS?


Data and Website protection


This is the most important benefit of using HTTPS, protecting the data that you handle. Legalities aside, a website owner owes it to themselves and their visitors to protect the data they handle.

“Do you run a website built on a CMS like WordPress, Druple, Joomla or any one of the many platforms which is logged into? If so, I strongly recommend using HTTPS.”

Using HTTPS greatly reduces the risk of session hijacking, know as “man in the middle” attacks.

This exploit is, quite simply, when an attacker intercepts a ‘logged in’ session (cookie) and spoofs it to gain access to the website’s administration dashboard.

The attacker then has access to everything. This could range from what is displayed on the website, using the website to send spam emails, through to taking full control of the e-commerce system.


Building consumer trust


Analytics shows that visitors are much less likely to bounce on a website using HTTPS. Most people today are savvy enough to never enter payment details online, unless they see that padlock.

The padlock is a sign of quality and professionalism that builds trust between the visitor and the website. It shows that the website cares about protecting itself and its users.

We’ve seen positive results, so we’re starting to use HTTPS as a ranking signal.



Search Engine Results Page improvements


It’s been over two years since Google announced that it prefers websites that use HTTPS. HTTPS sites earn better search rankings to further Google’s goal of delivering better results to its users.

Get the full picture of where your traffic is coming from


Analytics data is vital for measuring and improving and with HTTPS, you won’t miss a thing. When a visitor arrives at an HTTP website from a secure HTTPS website, the referral data is removed.

Whenever traffic passes from a secure HTTPS site to a non-secure HTTP site, the referral data gets stripped away. This traffic shows up in your analytics report as ‘Direct.’



What are the costs?

Maybe consider the costs of not using HTTPS.

The cost, enabling HTTPS is broken down into two parts. The certificate installation and the cost of buying the certificate, which usually lasts for one year. Different certificate authorities charge different amounts and likewise different engineers charge varying rates for installation.

Read Web Technology feel strongly about high standards, best practices and security; so HTTPS is used as standard.

Is HTTPS something you should be using?