4 minute read
Delivering Your Website Content Securely
By Trevor Owen
NOW, MORE THAN EVER, IT IS IMPORTANT TO DELIVER YOUR WEBSITE CONTENT SECURELY TO PREVENT HACKERS FROM INTERCEPTING YOUR CUSTOMERS’ COMMUNICATIONS USING EAVESDROPPING “MAN-IN-THE-MIDDLE” (MITM) ATTACKS. BY SECURING YOUR CONTENT, YOU ENCRYPT COMMUNICATIONS WITH YOUR CUSTOMER. THIS IS CRITICAL WHEN ENTERING USERNAMES, PASSWORDS AND CREDIT CARD INFORMATION ONLINE. THIS CAN BE ACCOMPLISHED BY MOVING FROM HTTP TO HTTPS PROTOCOL USING A SECURE SOCKET LAYER (SSL) ON YOUR WEBSITE.
Advertisement
HTTP VS HTTPS
“HTTP” (Hyper Text Transfer Protocol) In 1994, Tim Berners-Lee, the creator of the world wide web, introduced the Uniform Resource Locator (URL) as a common method to define the path to resources on the internet. HTTP (“http://”) was the most widely used protocol. Millions of sites still rely on this protocol. We are all familiar with the “http” (Hyper Text Transfer Protocol) prefix, “http://”, in a web address URL used to access content on the Internet. Chances are that you have typed this prefix into your browser address bar to get to a website or two. It is also likely that you have used this protocol when you originally authored your website. It allows you to get up and running quite quickly, is easily understood by your users and is the default behavior for most browsers. Once configured, users could access your site using the format http://yourdomainname.com. All good? Not so fast! The problem with HTTP protocol is that it is NOT secure. To address this issue, you can enable HTTPS on your site to provide end-to-end encryption.
“HTTPS” (Hyper Text Transfer Protocol Secure) HTTPS encrypts traffic by using an SSL (Secure Socket Layer) certificate. This ensures a secure connection between the user and the resource using an encrypted “key”. This is the prominent method to encrypt traffic. Installing SSL for your website involves purchasing a certificate from a Certificate Authority (CA) and configuring its use on your server. The CA ensures the identity of entities like a company, website, email address or person. It is possible that your web host includes a certificate with your hosting. You may need to talk to your host to confirm proper installation for your specific server. There are also different levels of encryption available. The rule of thumb is the more secure the better. Budget does become a consideration when purchasing SSL certificates. Once configured, your site will display the desired “lock” icon to the left of the address:
As well, there is a confirmation of secure connection:
AVOID “INSECURE” WARNINGS In an effort to promote a secure Internet, Google announced in July 2018 that it would bring attention to a website’s protocol if serving unsecured content. They did this with visual cues as shown in this Chrome browser address bar/Omnibox to warn users of potential security issues. Example:
If the user clicks on the information icon, it will expand like this:
NAVIGATING TRAFFIC TO SECURE PATH Once you have SSL available on your site, you can redirect traffic to the secure path using a 301 redirect. This will indicate in your server response that your site link http://yourdomainname.com has been moved and will now permanently resolve to https://yourdomainname.com If a user previously bookmarked your site or entered a non-https link, they will be redirected to the secure path automatically.
BENEFITS OF SERVING YOUR WEB CONTENT SECURELY There are a number of benefits to delivering your content securely. These include: • Level of trust increases. This leads to longer engagement times as users are much less likely to immediately abandon the site. • The data transmitted cannot be altered in transfer through 3rd party manipulation. • Complies with European Union’s General Data Protection Regulation (GDPR). • Avoids warnings. Nobody wants their users to see a warning like this. Users will abandon the site very quickly to pursue other secure links. As awareness surrounding security is heightened, this behavior becomes more pronounced. Additionally, sites that are not secured are scored down in search engine returns resulting in reduced visibility. Thankfully, “https” is available to help mitigate this situation.
WORTH THE EFFORT? While there are a variety of tasks involved, securing your site is well worth the effort. You may need to enlist help to accomplish the tasks but you will be rewarded with better ranking signals used by search engines, users who trust your content and better protection from “Man-in-the-middle” (MITM) attacks.
ARE YOU SERVING YOUR CONTENT SECURELY? If you have yet to update your website handling to ensure a secure connection, you should as quickly as possible. If you need help, contact your hosting provider or a developer. Your business and your customers will benefit.
Trevor Owen, Trystan Media Inc. Active in internet development since 1998, Trevor brings a wealth of experience over many disciplines with a primary focus on Interaction Design & User Experience development. Trevor has been project lead for Software as a Service (SaaS) frameworks, business process automation, content management & data control systems for business, non-profits, sports leagues, and manufacturers. He pursues exceptional web performance in the day-to-day business of web development. When not coding, you will find Trevor busy in his shop building electric guitars. WINTER 2020 | GALLERIE MAGAZINE | 25
