It is no secret that, for a while now, Google has boosted rankings of sites that are served over HTTPS (secure) rather than HTTP (unsecure). Whilst this is already a significant incentive for companies and web agencies to update themselves and their clients to HTTPS, many are still lagging behind with adopting this standard.

Even prominent websites such as IMDb, The Telegraph and Ticketmaster are still serving their users content over HTTP. In many of these cases, the websites that aren’t secure host contact forms which capture sensitive information, take payment details and have a login/user system. Google has even started listing the top 100 websites with a score on their HTTPS implementation (or lack of).

Google have recently announced that upcoming changes to Chrome, the world’s most popular browser, will result in even further penalties for non-HTTPS websites. From July 2018, visitors to unsecure websites will be made very aware of the fact they are not secure (below).

Picture1 - HTTPS: It's time to act!

 

It is a common misconception that websites not capturing personal information/operating an online shop do not need HTTPS. Unfortunately, even static websites (that simply display information) can still be subject to hijacking and surveillance by malicious sources. Google’s new treatment of HTTP pages (above) will not discriminate based on the purpose/functionality of the website, and will display on all HTTP pages. This change is one of the early, hard-pushing steps by Google to drive the web further towards “HTTPS Everywhere”.

Another common misconception is that HTTPS certificates are expensive and complicated to install and maintain. As a general rule for smaller businesses, there are many options out there, that with a little technical knowledge, allow you to get a cheap (or sometimes even free) HTTPS certificate to make your website secure. Acknowledging the significance of having secure sites, many website hosting companies now include an SSL certificate as part of their packages. However, more standalone options now exist; including Let’s Encrypt.

All of the websites we build, maintain and host at Distract come with an SSL certificate as standard, as well as daily security scans and backups. This ensures our clients’ websites are secure, and can continue to serve the hundreds of thousands of visitors that access them every day.

If you’re looking for a reputable agency to take over the management of your existing WordPress website, or to enquire about creating a new website that drives results, please get in contact with us!