Secure Your Website With SSL Encryption, or else!December 19, 2016 Peter A. Liefer II
What is HTTPS?
Everyone should be familiar with HTTP – Hyper Text Transfer Protocol, the basis of data communication for the entire internet. Every web address begins with HTTP. The addition of the “S” for “Secure” indicates that three extra layers of protection have been added that protects the integrity and confidentiality of your users’ data.
If a URL begins with “HTTPS, you know that the website is more secure. When visitors to your site, provide information via forms or conversations – they want to know that the personal info is confidential.
Data sent using Hypertext Transfer Protocol Secure is protected via TLS (Transport Layer Security) protocol that provides three key layers of protection:
1. Encryption – this layer keeps intruders and eavesdroppers from intercepting your visitor’s data exchanges or tracking their activities because only you have the decryption key.
2. Data integrity – data coming from the user or your site cannot be modified or corrupted during transfer, intentionally or otherwise, without being detected.
3. Authentication – prevents/deters MITM (Man-In-The-Middle) attacks. Keeps scammers from tricking your users into giving them their data.
Who needs HTTPS?
If you accept payments via credit cards, services such as PayPal or gather important personal information for any reason, you need HTTPS on those pages at a minimum. However, it is a good idea for everyone to use these extra layers of protection.
HTTPS not only keeps intruders from tricking your users into giving up sensitive information but also prevents them from installing malware or keeps advertisements from other companies showing up on your pages. There are also minor SEO benefits.
So how do you migrate your site to Hypertext Transfer Protocol Secure? These are the steps you need to follow:
1. You need to purchase an SSL (Secure Sockets Layer) Certificate.
SSL Certificates are small data files that are installed on your web server that digitally attach a cryptographic key to your business details. When the https protocol is activated, it allows secure connections from your web server to the browser.
A green padlock icon will appear in front of https when it is activated.
There are 3 types from which to choose. The amount of data security is the same for all three levels, the additional validation offers increased customer trust.
1. Domain Validation – the most inexpensive and basic. It only provides encryption and validates the domain is registered.
2. Organization Validation – the middle-priced option, also includes authentication. Also, validates the domain ownership, and organization information included in the certificate such as name, city, state and country.
3. Extended Validation – the top of the line option. It guarantees that the owner of the website passed a thorough, globally standardized, identity verification process. Needed for large e-commerce sites and sites that collect really important private information.
Where do I purchase an SSL certificate?
The certificate is issued by a certificate authority (CA) which verifies that your web address actually belongs to your organization. This protects your site visitors from man-in-the-middle attacks.
When choosing a certificate, Google recommends that you use 2048-bit encryption certificates, so keep that in mind if you go with a certificate that offers different levels of encryption.
You can purchase a certificate from your web host or from many SSL certificate vendor websites that offer different types at different prices. But the best way is to just get it from your own hosting company. The advantage of this is you can have them install it for you on your dedicated IP / hosting server.
However, not all hosting providers will install the certificate for you. If not, you will have to do it yourself or have someone you can trust who knows what they’re doing, perform the installation.
Moving your site from http to https requires dealing with more technical knowledge than some small business owners may have. But you don’t have to be a total computer geek to do it.
2. Installing the SSL certificate
The process for installing a certificate varies from host to host, these are not detailed steps, but just the basic process.
1. Purchase your certificate, download it from the provider to your local computer, make a backup copy of the certificate and save in a secure place. Then use FTP (file transfer protocol) to install the data files to your host server.
FTP clients such as FileZilla are readily available for free. You should be able to find step-by-step instructions in your hosting provider’s support section.
2. Next, change your URLs from http to https. If you don’t, the security certificate won’t function. The addition of the “s” to http makes an entirely different URL.
To make it easier, you can create a URL map of your site on a spreadsheet with a list of http URLs and a list of the corresponding new https URLs beside it. Then, make copies of all your site’s pages and redirect the old “http” pages to your new “https” pages.
3. Then you need to create “301 (permanent) redirects” from HTTP to HTTPS to notify search engines that your website’s addresses have changed. If someone has bookmarked any of your pages, they will now be automatically redirected to the new https address.
If you are using a content management system such as WordPress, you can find free plugins that will add all the 301 redirects to your htaccess file and make this task much easier. Some templates may already include this functionality.
4. Finally, you need to update your internal links, the links that go to pages within your website, which probably you have many. Also, update image links and other links to any resources you have.
These are the basic things that need to be done to get your SSL certificate working for you. There are additional actions you will want to do like making sure that your SSL certificate is installed correctly using a free SSL server test, submitting your site again to indexing and watching your rankings.
There are many resources online that will go into much more detail that you can take advantage of. If this all seems to be beyond your skills, by all means, hire an SEO expert to do it for you.
PrimeView offers an annually renewable SSL Certificate for your site including a one-time setup fee and configuration. Leave it to us to get your site safe and secure for your site visitors at the same time, help your website rank higher in the Google SERPs