HTTPS is not optional

Written: 21.6.2018 Updated: 23.8.2018

Encryption has been keeping your data safe for years now, and you might be using a VPN application to form a secure internet connection and protect your personal information from prying eyes. That’s all great, but with thousands of websites still using the unencrypted HTTP instead of the encrypted HTTPS, your information is still at risk.

Even if your VPN provider encrypts the traffic originating from your computer and transfers it securely to their server, without HTTPS active on the destination server your data is still at risk. The information transferred between the VPN provider’s server and the unencrypted destination server you access is not encrypted in any way.

We’re not discouraging the use of a VPN, by all means use one. They’re very helpful especially when using public Wi-Fi connections. What we are encouraging however, is to always, always use HTTPS for your own sites and being careful not to enter any passwords or other personal information to websites not using HTTPS.

What is HTTPS?

HTTP Secure, or HTTPS, is an extension of HTTP, the Hypertext Transfer Protocol. It was designed to secure internet communications by using encryption and web server authentication. HTTPS is activated on a web server by installing a SSL certificate on the server. A SSL Certificate is a small data file that authenticates the server to the user, informing their browser that the server is trustworthy and enabling the encryption of the communication between the browser and the server.

Last year the average volume of encrypted internet traffic finally surpassed that of the unencrypted internet traffic, meaning that more than 50% of the data transmitted over the internet was encrypted. This in itself is an impressive feat, yet there is still work to be done, as unencrypted internet traffic does account for the other half of all traffic. HTTPS in itself is not perfect, but it is vastly superior to HTTP when it comes to speed and security.

We here at Seravo hope to see the day when all internet traffic is encrypted, which is why all of our customers get a free SSL certificate automatically provisioned and installed on their WordPress website when they sign up for our WordPress hosting and upkeep.

If you have a SSL certificate installed, and HTTPS works on your site, you might still get warnings from browsers. This is due to mixed content, which means that some assets on your site are still served over an unencrypted HTTP connection. It’s common that if a site starts using HTTPS after content has already been uploaded over HTTP, the existing content served over HTTP needs to be routed through HTTPS. This can be done in WordPress by using a plugin such as SSL Insecure Content Fixer or by using search-replace via SSH.

Firefox blocks active mixed content, which means that scripts, links and iframes, for example, are blocked by the visitor’s browser when entering a site that’s not properly secured using HTTPS. Even worse for webmasters with no SSL certificate or proper configurations for the HTTPS connection, Firefox users can choose to enable an additional security feature, which also blocks passive mixed content, meaning that not only links and scripts are getting blocked, but passive content such as images, video and audio is also blocked by the browser.

Google Chrome has been flagging sites that ask for user information over an HTTP connection as ‘Not Secure’ since version 62, that was released as a stable version in October of 2017, and version 68, scheduled for release in the coming weeks (July 2018), will flag all sites not using HTTPS as ‘Not Secure’. Similarly to what Firefox does, Chrome also blocks insecure elements and aspects on the site.

Why does your site need HTTPS?

Having HTTPS enabled on your site means your users information is secure, that your own logins are secure and your site’s visitors will not get a warning from their browser saying that your site is not secure, to name just a few.

It also means that your site is able to use HTTP/2, which is the faster, updated version of HTTP. This means that in addition to added security, your site will also become faster and rank better with Google, as Google lists both HTTPS and site speed as ranking factors.

So the question really becomes, why wouldn’t you use HTTPS?

HTTPS protection is one of the earliest features provided by Seravo. Since 2016 we’ve been providing SSL certificates installed and ready to go on all WordPress sites hosted with us, at no additional cost. Some hosts might charge extra for it, some may require you to install it yourself.

Visit our knowledge base to learn how you can enable HTTPS on your WordPress site too!

But neither “I don’t want to pay extra for it” nor “I don’t know how to install it” is a valid argument for not using HTTPS anymore.

Seravo invests in information security

HTTPS protection is one of the many ways to improve the security of a website. Read more about Seravo’s information security features.

Leave a comment

Eetu Mäkelä

Marketing & Communications eetu@seravo.com @EetuPMakela

Search Seravo.com

Categories

More reading

Why Choose WooCommerce?

6.11.2018

WooCommerce is the most popular eCommerce plugin for WordPress, with over four million active installations and it is estimated to […]

What’s new in WooCommerce 3.5?

1.11.2018

Nobody can blame Automattic for resting on their laurels when it comes to improving and updating WooCommerce, with three new minor releases this year already, the latest being WooCommerce 3.5.

Gutenberg revolutionises WordPress

23.10.2018

WordPress version 5.0 that is going to be released this year will introduce the world to Gutenberg, a brand new […]