A business website is the visible digital face of your brand and it also serves as the hub for marketing as well as retailing ventures. But often, websites are unprotected and vulnerable to security breaches from hackers, who are typically looking to steal data, acquire identities, eavesdrop on emails, inject ads or get access to the site. News of high-profile security breaches and large-scale data dumps keep making headlines every month. Email providers, U.S. Department of Justice, banks, retail outlets and even brick and mortar businesses have all been victimized. These breaches can cause significant reputational and financial damage to everybody involved, with consumer confidence taking a hit. Online security is a continuing game of cat and mouse between website developers and hackers. And search giant Google has positioned itself at the forefront of this ongoing battle by introducing game-changing plans that will go into effect in January 2017 with the release of Chrome 56. In this article, we will explore what changes to expect in the Chrome browser, how it will affect your site in the coming year and how HostLabs can help google chrome to secure your web experience..
How Google Chrome is Changing
People often cannot gauge the security of the sites they visit and google chrome to secure your web experience can help, because there is only an inscrutable icon to tell apart an encrypted site, with locked connections from unprotected sites that are open to threats. Historically, Google Chrome has never used explicit designation to let users know whether a site is secure. There is no clear labeling of HTTP connections as non-secure. For sites that use the https:// prefix, Chrome puts the prefix in green and displays a little lock icon next to it. Studies have shown that customers do not generally perceive the lack of a icon as a warning, and users who do worry about it have become blind to frequent warnings.
But as announced in September, Google will start flagging plain HTTP connections as insecure with the release of Chrome 56 this month. In a push to get more websites to implement encryption for better protection, Chrome will start naming and shaming nearly half of the world websites that dont use strong encryption. Any website not running HTTPS will have a message appear in the location bar that says Not Secure on non-secure pages containing password and credit card input fields. In the new version of Chrome, warnings will be enabled by default for everyone.
Future updates will add new warnings to incognito browsing, with all non-HTTPS pages in incognito mode being labeled as Not secure because users have an increased expectation of privacy in this mode. Even any non-HTTPS site offering downloads may be flagged as unsecure. Finally the plan is to display a prominent red triangle as a warning.
HTTPS Report Card from Google shows that around 51 percent of Windows Chrome traffic is encrypted and 60 percent for MacOS but Android falls behind at 43 percent. With its security warnings, Google wants to punish these laggards while working to make the HTTPS adoption process easier. It has created tools to assess the components of an HTTPS site so that developers are aware of the flaws that trigger Chrome warnings. If you notice any web forums, download sites, and other sites that require registration without the telltale sign of a green padlock, then you know they will be getting an unpleasant wakeup call when they fail Chrome tests.
What is HTTPS And Why Is It Important To You?
HTTP stands for hypertext transfer protocol, which allows communication between different systems. The problem with HTTP is that data is not encrypted, and it can be intercepted by third parties. You don’t want hackers intercepting and eavesdropping on HTTP data as it is being transferred from your computer to a web server and back. This problem is easily addressed by a secure version called HTTPS, where the “S” stands for secure and it involves the use of an SSL certificate. Secure Sockets Layer (SSL) is a global standard security technology for encrypting communications between the web server and the web browser. The SSL certificate is a guarantee that any information you receive is secure and accurate. URLs beginning with https prefix, displaying a security padlock to the left of the URL or a trust seal and sometimes a green address bar are all visual signs for the trusted SSL certificate.
The move by Google chrome to secure your web experience to flag unencrypted sites is sure to change the standard for security online because nearly 71% of all local searches on Google are performed through the Chrome browser. Why is this important to you? Surely you do not want to discourage such a large chunk of your online traffic from clicking on your website. Moreover having a secure site also does wonders for your search engine optimization efforts. The https:// designation is also a factor when evaluating websites and ranking them for search results.
Getting HTTPS For Your Site
There are some costs involved with adding the SSL certificate to your site but there is no reason to be on the losing side of the HTTP vs. HTTPS battle. Here is a detailed list of the steps involved in obtaining the SSL certificate and adding it to your site.
1. First, purchase an SSL certificate and a dedicated IP address from hosting companies, such as HostLabs . You can choose between the organization validation display, which will show your company name next to the green lock or the domain validation option, which only shows the green lock.
2. Install and configure the SSL certificate on your web server. You should run a test once it is installed to make sure it is working properly.
3. Have a full back-up of your site to revert back in case you need to revert back.
4. Search and configure any hard-coded internal links within your website, from HTTP to HTTPS.
5. Update all code libraries, scripts and third-party plugins on your page.
6. Add a 301 redirect to all directory listings and any external links you control to HTTPS. If you do not want your search rank to suffer, it is best to do this at the server level instead of using a plug-in.
7. Update your robot.txt file and htaccess applications to redirect HTTP traffic to HTTPS. This will ensure all blocking rules or hard-coded links point to your new https:// address.
8. If your site uses a content delivery network (CDN), add the SSL certificate to your CDN SSL settings, too. Also, update your origin URL on the CDN and enable HTTP/2 support on it too.
9. Update all links in marketing automation tools and change hard-coded links on your CDN to https://.
11. Update all the URLs for your search engine ads, paid search links, social media pages and landing pages, and so on.
Donxe2x80x99t Wait; Start Today
While making the switch to HTTPS is fairly simple for smaller sites, with less than 50 pages; for larger and more complex websites, with elements such as ads and video, encrypting every piece of content can be more complicated and may require professional help. There is no point postponing the inevitable so get on it and get your site updated before Google Chrome begins displaying the first warnings. HostLabs can help you meet Googlexe2x80x99s bar with either a shared or a personal SSL certificate. To reap the rewards of offering your customers a secure website, the direction of travel is clear and Google chrome to secure your web experience can help.