The Importance of Securing Your Website Connection
Today we are going to be talking about securing your website connection, and why it is important that you do so as soon as possible.
I recently caused a bit of a stir, in the information security community with my opinion on https and the recent push being initiated by Google, which will be followed by other browsers soon was to blame. While my opinion remained, I did change my thoughts on the importance of HTTPS and even took two minutes to move forward with securing my own website connection. That’s right it took about two minutes maybe less, it was literally 3 clicks from cPanel.
Table of Contents
- 1 What does it mean to secure your website connection
- 2 What does TLS(HTTPS) do?
- 3 Does HTTPS protect my website from all threats?
- 4 How could my website be compromised in transit?
- 5 Will HTTPS guarantee my websites connection is secure?
- 6 How much does HTTPS cost to setup?
- 7 How can I protect my websites connection
What does it mean to secure your website connection
Basically it is using HTTPS instead of HTTP. Previously known as SSL (Secure Sockets Layer), now called TLS (Transport Layer Security).
What does TLS(HTTPS) do?
TLS protects a website by encrypting its data as it travels the web. While it does not protect the website locally, it does protect the data as it is loading onto a browser or being sent across the web.
Does HTTPS protect my website from all threats?
No. HTTPS only secures the connection. It does not protect your website files and data while it is not in transit. It is also important that you take appropriate measures to secure your website locally. That will be a topic for another day.
How could my website be compromised in transit?
It is possible that ISP’s, government agencies, hackers, or anyone with the right tools and knowledge, to intercept your website as it is called to a browser or sends information. Even if you are not sending personal data, a bad guy could intercept your website as it moves across the web. They could access and modify links, images, text, forms and any other information on your website. They could potentially reroute payments, and personal information being sent through the website, or they could inject malicious code that could infect others as well.
Will HTTPS guarantee my websites connection is secure?
No. There are no guarantees. It is possible that even with HTTPS your connection could be compromised. However, it is very unlikely. TLS (HTTPS) is the most current protocol used to secure your connection. The likelihood that someone could decrypt the data sent over HTTPS is extremely low.
How much does HTTPS cost to setup?
In many cases it doesn’t cost anything. It is absolutely free. Some hosting companies are charging for this, which is unfortunate in my opinion, considering it doesn’t cost them anything. Godaddy is offering encryption for as low as $60 a year.
How can I protect my websites connection
There are several ways you can encrypt your data. For my website I was able to log into my cPanel and use the Lets Encrypt plugin to secure my connection in about 3 clicks. You can check with your hosting provider and see what they offer. I suggest starting with Lets Encrypt as they offer a free automated option that is user friendly.
Now for the reason I am suddenly jumping on board with this HTTPS push. I was never against HTTPS whatsoever, I was a bit misinformed on the capabilities of HTTPS and the vulnerability of not having it. My initial disapprovement is how Google will be flagging sites that are insecure. I still do not agree with their strategy but I do agree with the ultimate goal. We all want a more secure web. And while I believe flagging all HTTP sites connections as “not secure” will lead to a loss of business for that website, it has encouraged me to raise awareness in a way that does not harm your business. Ultimately HTTPS is good for business because it provides security for your customers online. And I believe that a business that wants to succeed will always do what is right for their customers. I do not believe we need to flag your website to force the issue. I believe that awareness and understanding is enough. I believe that once you know what is going on you will naturally do what is best just as I did.
The problem is, not everyone will hear the warnings until it impacts their business negatively. So I am asking everyone out there that reads this to help raise awareness before it is too late. Google will start flagging HTTP sites this month. Firefox and other browsers will soon follow their lead. Click one of the share buttons below to spread the word. It is in your business and your customers best interest to secure your websites connection as soon as possible. I, unlike Google will not try to accomplish this by scaring your customers… I am trying to accomplish this by hopefully scaring you, the business.
Save a business, share this post!