The Importance of HTTPS and SSL Certificates

This June, Google will release version 68 of Chrome and take another step in firmly advocating that sites adopt HTTPS encryption. Once Chrome 68 is released, all sites using HTTP will be marked as “Not secure,” as demonstrated in the graphic below:

Source: blog.chromium.org

This doesn’t mean that your site is any less secure than it was prior to the release of Chrome 68; it’s a result of Chrome changing how it evaluates the security of a site – and a strong indicator that it’s time to move to HTTPS. Nearly two-thirds of small businesses based in the United States have a website, and keeping current with standards is an important part in maintaining a site, particularly when it’s used as a marketing tool for your business.

There have been great strides over the past year to increase HTTPS adoption, and Chromium’s blog has some very positive statistics to share:

• Over 68% of Chrome traffic on both Android and Windows is now protected
• Over 78% of Chrome traffic on both Chrome OS and Mac is now protected
• 81 of the top 100 sites on the web use HTTPS by default

Of course this just covers reported numbers from Chrome, with a majority of the market share of browsers currently in use, but it’s safe to assume that other browsers will follow suit with time.

So with the importance of switching to HTTPS so clear, it’s time to do something about it. Installing SSL certificates on your site will allow visitors to connect via HTTPS, not only increasing security for all information transmitted back and forth, but help maintain trust as well.

Debunking myths about SSL

There was a time, many years ago, when installing a SSL certificate was a bit painful. Things have changed considerably, particularly over the past several years, but many of the past drawbacks have remained as modern-day myths; many of which act as a deterrent from their usage.

Only e-commerce sites need SSL

In the past, this thought was valid; but the Internet moves at such a fast pace that we might as well consider the statement’s validity to have applied in a previous epoch, scribbled on cave walls by early Internet dwellers. Prior to the explosion of web applications, most sites were largely read-only. Now, many sites store our personal information which must be protected during transmission. Over 80% of the top 100 sites on the Internet use HTTPS, and there’s good reason: to protect your information and their brand’s reputation.

SSL won’t affect web traffic in a positive way

The use of an SSL certificate can affect web traffic – but it does so in a positive way! Search engines have been found to favor sites that use HTTPS, often providing them with a rankings “boost”. A rankings boost presents an opportunity to be seen before your competition, and only provides another reason why you should be using HTTPS. Google’s HTTPS Everywhere initiative alone guarantees a slight ranking boost for websites which offer HTTPS by default. While you shouldn’t expect a significant increase in incoming search traffic, a little boost is a nice bonus for getting a SSL certificate in place.

SSL will slow my site down

As available compute resources have increased and become less expensive, this problem has faded in to the background. Sure, there was a time when you might notice a decrease in site performance once an SSL certificate was installed, but we’re talking about a potential difference measured in milliseconds these days. If you’re concerned with site performance, there are plenty of other areas to optimize; proper compression of your CSS, Javascript, and image assets, usage of a CDN, and overall site structure are just a few (shameless plug: we can help you with that).

SSL certificates protect everything

SSL certificates are not the equivalent to a bullet-proof vest for your website. HTTPS encrypts data during transmission between your visitor and your site, and that’s it. It doesn’t secure your website itself, so you still need to ensure that your site is kept up to date and free of known vulnerabilities. The usage of HTTPS should be seen as a component of an overall plan to keep your site, and its visitors, secure, and not as a overall solution.

SSL certificates are expensive

Let’s jump back to my analogy of a previous Internet epoch for a second – SSL certificates were expensive back then. I remember paying over $300 for the first SSL certificate I purchased and installed, and pricing has changed since. Competition has increased as new certificate issuers have entered the marketplace, driving costs down and organizations such as Let’s Encrypt have made SSL certificates free, and in many cases, nearly effortless to install.

Implementing SSL on your website

Acquiring and installing a SSL certificate isn’t anywhere as difficult as it was in the past. Many hosting companies, such as Media Temple, offer SSL certificates, issued by Let’s Encrypt, as part of their hosting plans, while others will gladly assist you with installation. A secure Internet is in everyone’s best interests, and any good hosting provider will provide both guidance and assistance when it comes to adopting HTTPS.

If you’re using a VM or a server that you have terminal access to, and don’t mind rolling your sleeves up a bit, The Electronic Frontier Foundation’s Certbot application makes using free SSL certificates from Let’s Encrypt a breeze. Installing SSL certificates takes minutes, and Certbot will even automatically update your Apache or NGINX configuration files to use them – even handling proper redirections from HTTP to HTTPS for a seamless transition.

Need a hand getting a SSL certificate in place for your website? Get in touch; we’ll help evaluate the best choice for your needs, install and test your certificate, and ensure that your site is working at peak performance with HTTPS.