Why you need HTTPS
Friday 14th October 2016
Running your website over a secure connection (HTTPS) is fast becoming the norm.
What is HTTPS?
When you complete a form on the web, the information you send is routed through dozens or even hundreds of computers between you and the website you're sending it to.
If the website's address starts with HTTP:// then all the information that you send to that site is unencrypted, and could potentially be read by any one of those computers en route.
Because of this, the web is moving more and more towards using HTTPS:// where the S means it's secure. You'll often see a little padlock icon next to it.
This means that all the data you send to the website, and everything they send back to you, is encrypted. None of the computers in between can read your information.
Google want you to use HTTPS
Google have been pushing this as the new standard for a few years now, but starting in January 2017 they're getting really serious about it.
As you can see in this blog post from the Google Security Blog, they're going to start showing "Not secure" text next to websites that have password or credit card fields:
Eventually, Google will extend this to any website that runs over HTTP, and this text will be in red with a warning triangle next to it:
September 2017 update:
We're now receiving warnings about any details that your users send to you over a non-secure connection:
What are my options?
To make your website run over HTTPS, we have to buy and install a document called an SSL certificate.
It's a digital set of keys that allows your website to communicate with your visitors securely. We offer two kinds of SSL certificate.
This is a high-quality certificate, which involves a series of steps to verify your company identity. It can take a couple of days to validate, and will need bank statements and utility bills to obtain. The result is a very trustworthy certificate that gives a good impression to your site visitors.
We recommend this kind of certificate to large organisations and public sector bodies.
We charge £120 +VAT per year for this service because of the work involved.
This is a basic certificate, doesn't require any verification and is granted immediately based on the information on your domain name. It doesn't have the respectability of the certificate above but still ensures that all data transmitted to and from your website is encrypted.
We recommend this kind of certificate to smaller organisations and personal websites
We charge £50 +VAT per year for this service.
At the end of the day it's your choice whether you want to secure your website by running it over HTTPS, but from January 2017 Google will start highlighting that your website is insecure.
We strongly recommend buying a secure certificate of one kind of another, at the very least you should have a Domain Validation certificate.
Please give us a call or send us an email if you want to discuss it.