Running a secure website is one of the most important elements to consider for your online presence. Whether you’ve had a website for a long time or you’ve just created one, site security is extremely important, especially for eCommerce websites.
Not only that, but any site that requires or stores any kind of visitor information, including something as simple as login information, should provide security to site visitors.
What does “not secure” website mean?
If you’ve visited a website (maybe even your own) and noticed a warning in the address bar that says “not secure,” you’re no stranger to feeling cautious upon entering the website.
You might ask yourself questions like “what does ‘not secure’ website mean?” or “what information isn’t secure?” These are both valid questions and something that you should be aware of before entering a website that has the dreaded warning in the address bar.
Here are some things you have to know when it comes to websites that aren’t secure:
HTTP websites are not secure
HTTP, or Hypertext Transfer Protocol, is the prefix at the start of a website URL. It’s the protocol used by the World Wide Web to fetch HTML documents or, in short, to display web pages.
Unfortunately, website URLs that are preceded by HTTP are not secure. Everything sent over HTTP travels unencrypted, which means that your login info, or your personal information like credit card numbers, could be stolen, read, or modified by hackers while it is in transit.
HTTPS websites are secure
On the other hand, website URLs that are preceded by HTTPS are secure. This means that when you see a website URL starting with HTTPS, you won’t get a “not secure” warning, and you don’t have to worry about the possibility of hackers stealing the personal information that you send to the website while it travels between your browser and the site.
Popular websites like Google.com and Amazon.com use HTTPS to show users that they are safe when browsing and making online purchases on their websites.
What does HTTPS provide?
- Encryption – Nobody can track or steal information.
- Integrity – Data won’t be corrupted.
- Authentication – Validates that you are communicating with the right website.
HTTPS provides encryption, which means nobody can track or steal your personal information; integrity, which means that data can’t and won’t be corrupted during transfer; and authentication, which validates that your browser is communicating with the right website.
Google has always advocated for HTTPS sites as opposed to HTTP sites, but in 2018, they made that even clearer. Starting in July 2018, Google began showing users the “not secure” marker in the address bar, potentially decreasing visitors to insecure sites.
“Not secure” doesn’t mean your computer has a virus
When users see a “not secure” warning, they may think that it’s the first sign of a computer virus or malware. That’s one thing you don’t have to worry about!
As we mentioned before, the “not secure” warning simply means that your information is not secure on that website, and that you should refrain from entering any personal information.
Websites that don’t utilize HTTPS could rank lower in results
Google’s main job as a search engine is to provide users with the results that most closely fit their search query. The results that Google provides for any given search are based on tons of factors, including keyword targeting, domain authority of the website, number of backlinks, and the list goes on.
But Google is also known to use website security as a ranking factor, which means that if you own a website that doesn’t utilize HTTPS, you may see your site rankings get worse.
Google wants to provide search results that not only fit a user’s search query, but also provide them with a secure experience.
My website is not secure, how can I fix it?
Adopting HTTPS is far from difficult, so check out this five-step process to secure your website for site visitors and customers.
1. Install Secure Sockets Layer (SSL) certificate
In order to make your HTTP site secure, you’ll need to install an SSL certificate on your website. When you install an SSL certificate, a few exchanges take place, which provide a secure version of your website to your site visitors.
- Your browser will connect to a website and request the server identity.
- The server will respond by sending the browser the SSL certificate.
- The browser will determine if the SSL certificate is trustworthy.
- If the SSL certificate is trustworthy, the browser will send the server a message.
- The server will respond with a digitally signed document that gives permission to start a session that is encrypted by the trusted SSL certificate.
- The browser and server share encrypted data.
2. Ensure that internal and external links use HTTPS
If you want both your internal and external site links to continue to operate effectively, you’ll want to ensure that you change them all to HTTPS as well. This might sound tedious, but it’s crucial to ensure that HTTPS helps your website instead of hurting it.
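One way to find the links that still need changing, as an added example that is not part of the original article: this Python script scans a page’s HTML for http:// URLs. It goes a little further than the step above by separating resources the page itself loads (scripts, images, stylesheets), which browsers block or flag as mixed content on an HTTPS page, from ordinary links. The host www.example.com and the sample HTML are constructed for illustration.

```python
from html.parser import HTMLParser
from urllib.parse import urlsplit

# (tag, attribute) pairs the browser fetches while rendering the page.
RESOURCES = {("img", "src"), ("script", "src"), ("iframe", "src"),
             ("audio", "src"), ("video", "src"), ("source", "src")}
# (tag, attribute) pairs a visitor follows or submits to.
LINKS = {("a", "href"), ("form", "action")}

class InsecureLinkFinder(HTMLParser):
    def __init__(self, site_host):
        super().__init__()
        self.site_host = site_host
        self.findings = []  # (line, kind, scope, url)

    def handle_starttag(self, tag, attrs):
        rel = (dict(attrs).get("rel") or "").lower()
        for name, value in attrs:
            url = urlsplit((value or "").strip())
            if url.scheme != "http":
                continue  # https, relative and non-web URLs are fine
            if (tag, name) in RESOURCES or ((tag, name) == ("link", "href") and "stylesheet" in rel):
                kind = "resource"
            elif (tag, name) in LINKS or (tag, name) == ("link", "href"):
                kind = "link"
            else:
                continue
            scope = "internal" if url.hostname == self.site_host else "external"
            self.findings.append((self.getpos()[0], kind, scope, value.strip()))

def find_insecure_links(html, site_host):
    """Return every http:// reference in html as (line, kind, scope, url)."""
    finder = InsecureLinkFinder(site_host)
    finder.feed(html)
    return finder.findings

# Constructed sample page for a site hosted at www.example.com.
SAMPLE_HTML = """<html><head>
<link rel="stylesheet" href="http://www.example.com/site.css">
<script src="https://cdn.example.net/app.js"></script>
</head><body>
<a href="http://www.example.com/about">About</a>
<a href="/contact">Contact</a>
<img src="http://images.example.org/logo.png">
</body></html>"""

if __name__ == "__main__":
    for line, kind, scope, url in find_insecure_links(SAMPLE_HTML, "www.example.com"):
        print(f"line {line}: {scope} {kind} still uses {url}")
```

Fix the "resource" findings first: an HTTPS page that loads a script or stylesheet over HTTP loses the protection HTTPS was meant to give it.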
3. Verify your website in Google Search Console
After installing your SSL certificate and ensuring that your site links use HTTPS, you’ll want to verify both the HTTP and HTTPS versions of your site in Google Search Console.
In doing so, you’ll also want to be sure that your preferred domain is set to the HTTPS version. This will ensure that site visitors are served the secure version of your website.
4. Ensure that HTTP URLs are redirected
If you mention your website on any third-party sites that you have control over, you’ll want to be sure that you change mentions of HTTP to HTTPS. You’ll also want to create 301 redirects on your own website to make sure your HTTP URLs reference the HTTPS version.
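A check for the redirects described above, as an added example that is not part of the original article: the Python script below requests an HTTP URL without following the redirect and reports whether the answer is a 301 that points at the HTTPS version of the same page. The function names, the www.example.com URLs and the sample responses are constructed for illustration; pass no `fetch` argument to query a live site instead.

```python
import http.client
from urllib.parse import urlsplit

def fetch_head(url):
    """Send one HEAD request without following redirects; return (status, Location)."""
    parts = urlsplit(url)
    conn_cls = (http.client.HTTPSConnection if parts.scheme == "https"
                else http.client.HTTPConnection)
    conn = conn_cls(parts.netloc, timeout=10)
    try:
        target = (parts.path or "/") + ("?" + parts.query if parts.query else "")
        conn.request("HEAD", target)
        resp = conn.getresponse()
        return resp.status, resp.getheader("Location")
    finally:
        conn.close()

def audit_redirect(http_url, fetch=fetch_head):
    """Return the problems with how http_url redirects; an empty list means OK."""
    status, location = fetch(http_url)
    problems = []
    if status != 301:
        problems.append(f"status is {status}, expected 301")
    if not location:
        return problems + ["no Location header"]
    src, dst = urlsplit(http_url), urlsplit(location)
    if dst.scheme != "https":
        problems.append("target is not an https:// URL")
    if (dst.path or "/") != (src.path or "/") or dst.query != src.query:
        problems.append("path or query not preserved")
    return problems

# Constructed responses standing in for a live server: URL -> (status, Location).
SAMPLE_RESPONSES = {
    "http://www.example.com/": (301, "https://www.example.com/"),
    "http://www.example.com/shop?id=7": (302, "https://www.example.com/shop?id=7"),
    "http://www.example.com/blog/post": (301, "https://www.example.com/"),
    "http://www.example.com/login": (200, None),
}

if __name__ == "__main__":
    for url in SAMPLE_RESPONSES:
        problems = audit_redirect(url, fetch=SAMPLE_RESPONSES.get)
        print(url, "->", "OK" if not problems else "; ".join(problems))
```

A 200 response on an HTTP URL, as with the constructed /login entry, means the page is still being served unencrypted and needs a redirect of its own.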
5. Update XML sitemap
Next, you’ll want to update your XML sitemap to reference the HTTPS versions of your site pages. Your sitemap acts as a road map for site visitors and Google alike to help them easily navigate your website. To ensure that Google re-crawls and indexes your website with new links, you’ll want to submit your updated