Encryption has been keeping your data safe for years now, and you might be using a VPN application to form a secure internet connection and protect your personal information from prying eyes. That’s all great, but with thousands of websites still using the unencrypted HTTP instead of the encrypted HTTPS, your information is still at risk.
Even if your VPN provider encrypts the traffic originating from your computer and transfers it securely to their server, without HTTPS active on the destination server your data is still at risk. The information transferred between the VPN provider’s server and the unencrypted destination server you access is not encrypted in any way.
We’re not discouraging the use of a VPN, by all means use one. They’re very helpful especially when using public Wi-Fi connections. What we are encouraging however, is to always, always use HTTPS for your own sites and being careful not to enter any passwords or other personal information to websites not using HTTPS.
What is HTTPS?
HTTP Secure, or HTTPS, is an extension of HTTP, the Hypertext Transfer Protocol. It was designed to secure internet communications by using encryption and web server authentication. HTTPS is activated on a web server by installing a SSL certificate on the server. A SSL Certificate is a small data file that authenticates the server to the user, informing their browser that the server is trustworthy and enabling the encryption of the communication between the browser and the server.
Last year the average volume of encrypted internet traffic finally surpassed that of the unencrypted internet traffic, meaning that more than 50% of the data transmitted over the internet was encrypted. This in itself is an impressive feat, yet there is still work to be done, as unencrypted internet traffic does account for the other half of all traffic. HTTPS in itself is not perfect, but it is vastly superior to HTTP when it comes to speed and security.
We here at Seravo hope to see the day when all internet traffic is encrypted, which is why all of our customers get a free SSL certificate automatically provisioned and installed on their WordPress website when they sign up for our WordPress hosting and upkeep.
If you have a SSL certificate installed, and HTTPS works on your site, you might still get warnings from browsers. This is due to mixed content, which means that some assets on your site are still served over an unencrypted HTTP connection. It’s common that if a site starts using HTTPS after content has already been uploaded over HTTP, the existing content served over HTTP needs to be routed through HTTPS. This can be done in WordPress by using a plugin such as SSL Insecure Content Fixer or by using search-replace via SSH.
Firefox blocks active mixed content, which means that scripts, links and iframes, for example, are blocked by the visitor’s browser when entering a site that’s not properly secured using HTTPS. Even worse for webmasters with no SSL certificate or proper configurations for the HTTPS connection, Firefox users can choose to enable an additional security feature, which also blocks passive mixed content, meaning that not only links and scripts are getting blocked, but passive content such as images, video and audio is also blocked by the browser.
Google Chrome has been flagging sites that ask for user information over an HTTP connection as ‘Not Secure’ since version 62, that was released as a stable version in October of 2017, and version 68, scheduled for release in the coming weeks (July 2018), will flag all sites not using HTTPS as ‘Not Secure’. Similarly to what Firefox does, Chrome also blocks insecure elements and aspects on the site.
Why Does Your Site Need HTTPS?
Having HTTPS enabled on your site means your users information is secure, that your own logins are secure and your site’s visitors will not get a warning from their browser saying that your site is not secure, to name just a few.
It also means that your site is able to use HTTP/2, which is the faster, updated version of HTTP. This means that in addition to added security, your site will also become faster and rank better with Google, as Google lists both HTTPS and site speed as ranking factors.
Why Wouldn’t You Use HTTPS?
So the question really is, why wouldn’t you use HTTPS protection? It is one of the earliest features provided by Seravo. Since 2016 we’ve been providing SSL certificates installed and ready to go on all WordPress sites hosted with us, at no additional cost. Some hosts might charge extra for it, some may require you to install it yourself.
But neither “I don’t want to pay extra for it” nor “I don’t know how to install it” is a valid argument for not using HTTPS anymore.
Seravo Invests in Information Security
HTTPS protection is one of the many ways to improve the security of a website, and at Seravo’s WordPress hosting, HTTPS is always enabled and enforced. Read more about Seravo’s information security features.
Comments
One response to “HTTPS is not optional”
[…] All of our customers have free SSL certificates automatically installed on the sites they host with …. wp search-replace can be used, for example, to make sure no mixed content warnings exist on the site after migrating it to our servers. […]