Tag: HTTPS

  • WordPress Will Require Users to Have HTTPS This Year

    HTTPS will not only be an important ranking factor for search engines in the future, but will also be required for both existing and new WordPress installations.

    WordPress founder, Matt Mullenweg, recently announced that the software will require all hosts to have HTTPS for certain WordPress features to function.

    Don’t panic just yet. If you already have HTTPS, this shouldn’t affect you. But if you’re still using HTTP, you’ll need to upgrade soon. The good news is that the transition is not as difficult as you think it is and the benefits outweigh the assumed disadvantages.

    This article will go over what the WordPress HTTPS mandate means for you as a site owner, the advantages, and how to upgrade to HTTPS if you haven’t already done so.

    What is HTTPS?

    HTTPS adds a security layer to HTTP (Hypertext Transfer Protocol). HTTPS essentially encrypts data (using SSL or TLS) that is communicated between servers and clients until it reaches the intended recipient.

    This prevents cybercriminals from accessing sensitive user information and also reduces the risk of tapping and modification of sensitive data. Although HTTPS is not completely foolproof, it undoubtedly has major security advantages.

    HTTPS sites can be easily identified, as they have a locked padlock icon located on the link bar in most common browsers.

    Why is WordPress Pushing HTTPS?

    There are mainly two reasons for this, so let’s quickly dive into them.

    Google Prefers It

    It is no secret that greater encryption and cyber security have made the Internet a safer place for users. As usual, a Google update signaled the necessity of HTTPS for user experience, SEO and internet security.

    In 2014, Google suggested that enabling HTTPS on your site could result in higher search rankings. Although it still isn’t the only important factor in raising your site rankings, you shouldn’t underestimate its value. For example, if two sites are equal in all ways, but one site has HTTPS, that site would get a boost in rankings.

    Chrome will display a green padlock in the link bar when a site is using HTTPS, assuring users it's using the latest security protocol.

    In January of this year, Google released version 56 of Google Chrome. This new release brought about some changes, notably with how Google Chrome treats HTTPS vs. HTTP sites. The browser now clearly identifies sites that are not operating HTTPS on their systems. For example, a “Not Secure” message now appears on pages without HTTPS that try to collect passwords or sensitive information. You can expect that, eventually, all pages not using HTTPS will clearly be labeled as having insecure connections.

    We can reasonably assume that Google’s preference for HTTPS has been a contributing factor for the changes implemented by WordPress.

    Users Prefer HTTPS Too

    A secure connection can make all the difference from a user’s perspective. Users see HTTPS as a positive signal that you are taking your site security seriously, for their benefit. So, having HTTPS could mean more traffic and longer usage times on your site.

    HTTPS is particularly important if you are operating an e-commerce site. Simply seeing the padlock icon could make users more comfortable in entering their payment details and other personal information, particularly with the new Chrome update (mentioned earlier), which shows a “Not Secure” label on e-commerce sites or sites that require a user login or credit card information but don’t have HTTPS.

    Both Google and user preference should be enough reason for you to upgrade your site to HTTPS. It is simply necessary to ensure watertight security for your users and to protect your online business reputation.

    Sites that require users to login or enter credit card information are now displayed as "Not secure" in Chrome when they haven't switched to HTTPS yet.

    Remember when JavaScript was first introduced and quickly embraced by users and webmasters? Looking back, we can see now that JavaScript was essential for a smoother and better user experience. Similarly, HTTPS presents a number of unique advantages for user experience and security that we should all quickly embrace.

    We know that you may be overwhelmed switching from HTTP to HTTPS. After all, change does take time to get used to, but in this instance, you may need to quickly get on board. At this point, the advantages of HTTPS have greatly outnumbered the disadvantages. Plus, upgrading to HTTPS is no longer the costly, time-consuming, and difficult process that it once was. In fact, getting an SSL certificate in 2017 is fast, sometimes free, and quite easy to implement.

    How to Get HTTPS

    WordPress hosting partners should now provide an SSL certificate for all accounts. (It is required that they all do so as early as the first quarter of this year.)

    Your hosting provider may already provide a free SSL certificate, so check with them first before you make any third-party purchase. If they do not offer a free one, you could ask them if they sell third-party SSL certificates. Once purchased, you can ask your provider to install the certificate for you on your server.

    Dozens of major companies are already backing Let’s Encrypt, including Automattic (known for WooCommerce, Jetpack, Akismet and WordPress.com)

    Another option is to explore the free alternatives, independent of your hosting provider. There are projects such as “Let’s Encrypt” which have now made it easy and quick to secure a free HTTPS certificate for your website.

    Let’s Encrypt is an authorized open Certificate Authority with millions of active certificates in place. There are other comparable projects out there that can help by guiding you step-by-step through the installation process or that have been authorized to deliver certificates.

    Remember that an SSL certificate secures the connection to your website, but does not update the content itself. That means that the links and resources in the content on your pages will also need to be updated to use HTTPS so as to avoid 404 errors. Google may interpret the error as a mismatch in the security level of your site. The only way to avoid this is by serving all of the content of your website over HTTPS to match your SSL certificate.

    To track and resolve any 404 errors on your site, you may want to use a specialised plugin such as Redirection.
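
    One way to find the content that still needs updating, as an added example that is not part of the original article: a small scanner that lists the http:// references left in a page or post body. The host names (blog.example, cdn.example), the sample post and the names `scan` and `InsecureUrlScanner` are assumptions made for illustration; the active/passive split reflects how browsers generally treat insecure subresources on an HTTPS page.

```python
from html.parser import HTMLParser
from urllib.parse import urlsplit

# (tag, attribute) pairs that fetch a subresource. On an HTTPS page browsers
# block "active" loads; "passive" ones get a warning or are auto-upgraded.
KINDS = {("script", "src"): "active", ("iframe", "src"): "active",
         ("link", "href"): "active", ("img", "src"): "passive",
         ("audio", "src"): "passive", ("video", "src"): "passive",
         ("source", "src"): "passive"}

# Constructed sample post body; blog.example and cdn.example are placeholders.
SAMPLE_POST = """<p>Read the <a href="http://blog.example/old-post/">previous post</a>.</p>
<img src="http://blog.example/wp-content/uploads/chart.png" alt="chart">
<script src="http://cdn.example/widget.js"></script>
<link rel="stylesheet" href="http://cdn.example/theme.css">
<link rel="canonical" href="http://blog.example/this-post/">
<a href="http://other.example/">external link</a>
<img src="https://blog.example/wp-content/uploads/ok.png" alt="fine">
"""

class InsecureUrlScanner(HTMLParser):
    def __init__(self, site_host):
        super().__init__()
        self.site_host = site_host.lower()
        self.findings = []  # (line, kind, tag, url)

    def handle_starttag(self, tag, attrs):
        rel = (dict(attrs).get("rel") or "").lower()
        for name, value in attrs:
            url = (value or "").strip()
            if urlsplit(url).scheme.lower() != "http":
                continue  # relative, https:// and non-URL attributes are fine
            if (tag, name) == ("link", "href") and "stylesheet" not in rel:
                continue  # canonical/alternate links do not load anything
            kind = KINDS.get((tag, name))
            if (tag, name) == ("a", "href") and urlsplit(url).hostname == self.site_host:
                kind = "internal-link"  # not mixed content, but should be updated
            if kind:  # links to other sites fall through and are ignored
                self.findings.append((self.getpos()[0], kind, tag, url))

def scan(html, site_host):
    scanner = InsecureUrlScanner(site_host)
    scanner.feed(html)
    scanner.close()
    return scanner.findings

if __name__ == "__main__":
    for line, kind, tag, url in scan(SAMPLE_POST, "blog.example"):
        print(f"line {line}: {kind:13} <{tag}> {url}")
```

    Fix the "active" findings first, since a blocked script or stylesheet is what visibly breaks a page after the switch.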

    What if You Just Don’t Want to Upgrade to HTTPS?

    You could see a number of things happening to your site over time if you do not upgrade to HTTPS. The first may be facing the consequences set out by Google, i.e., lower rankings and having your users staring at a “Not Secure” warning when they try to access your site via Google Chrome.

    The second is that you could struggle with WordPress updates and lose some or all functionality on specific WordPress plugins.

    Third, your site may be an easier target for hacking.

    Those are three consequences that require you to seriously reconsider if you really want to take the risk of not upgrading to HTTPS.

    Wrapping Up

    Let’s put it this way: you will simply have nothing to lose by adopting HTTPS. Yet, if you do not use HTTPS, you could risk leaving your site in the “dark ages” of the Internet.

    But then again, if you’re a WordPress site owner, you have no choice. Take the plunge and let us know how it worked out for you!

  • HTTPS: Is It Enough to Keep Your WordPress Site Secure?

    Your website is a goldmine for cyber criminals. They are fast, invisible and always on the prowl for sensitive customer account details or to simply destroy. If you’re a WordPress site owner, you are no doubt aware of the vulnerabilities WordPress sites have experienced in recent years. The good news is that Automattic recently took a much-anticipated security step by adding HTTPS encryption to all custom WordPress.com domains (more than 1 million WordPress sites).

    You are probably familiar with web encryption as one of the most effective ways to keep data secure. Indeed, encryption is a hot topic right now. Apple recently made headlines after refusing to comply with a court order to assist the FBI in unlocking the iPhone used by the San Bernardino shooter. Apple stated that it would need to write new software that would essentially be a master key to opening any iPhone. The main argument was that if the FBI could unlock that iPhone, they could unlock many others, putting everyone’s privacy and personal safety at risk.

    For those reasons, among many others, web security should always be at the top of your mind in running your business. But what exactly is HTTPS and how is it beneficial to your business? Can HTTPS alone sufficiently protect your WordPress site? This article will answer those questions in the quest to help you bolster your site security.

    What Exactly Is HTTPS?

    HTTPS stands for Hypertext Transfer Protocol Secure – the secure connection protocol for HTTP. When you connect to HTTPS, you are using Secure Sockets Layer (SSL) or Transport Layer Security (TLS) protocols to protect communications between your computer and a remote server. Both protocols use encryption to keep cyber criminals from intercepting communications.

    HTTPS certificate per browser

    The information you send across the web passes from computer to computer before it arrives at the end server. That means that all computers the information passes through could read the sensitive information: from usernames and passwords to credit card information and social security numbers. SSL or TLS encrypts the sensitive information throughout its journey to the intended recipient, so that only they can understand it.

    How Is HTTPS Beneficial to Your Website?

    HTTPS encryption is very important for both site security and SEO.

    HTTPS keeps your business communications with your online customers safe and secure. When it is enabled, any information between the server and a client cannot be diverted, modified, or stolen. This kind of security is essential for any site that has a login and/or payment system – basically any ecommerce business. It not only protects your data but allows web visitors to view your site as credible. In that sense, HTTPS is essential for all businesses and new websites.

    Google has also highlighted the importance of HTTPS encryption. In 2014, Google announced that it would start using HTTPS as a ranking signal. That’s right: Google is ranking sites with HTTPS encryption higher than those without it. That announcement pushed a lot of websites across the globe to obtain HTTPS.

    Is HTTPS Encryption Enough to Keep Your Site Secure?

    No. Although it helps protect your sensitive data, securing your websites is much more complex than HTTPS. The bottom line is that it does not protect your site, network or server from getting hacked. It also does not prevent hackers from abusing software vulnerabilities that may be present in WordPress. In fact, in general, we’ve seen quite a few major attacks on SSL and TLS protocols: Poodle, Heartbleed, Shellshock, LogJam to mention a few.

    So what are your options? What can you do to fortify your site?

    What More Can You Do to Protect Your Site?

    Security is highly important and as such, there are quite a few things you need to do and stay on top of. We’ll go into this in more detail in another post. For now, here are a few things you need to do to fortify your WordPress site.

    Know What the Threat Is

    Stay on top of hacking threats. You need to know what is happening, what is possible, in order to protect your site against potential threats. Set up news alerts or follow hacking news sites. The information you receive will give you the ability to take precautionary measures.

    Update, Update, Update

    Update software as soon as an update is available. The reason behind a lot of updates is to protect against a security vulnerability, so delaying an update greatly exposes you to a potential attack. Hackers are constantly on the lookout for vulnerabilities. If you don’t move quickly to patch vulnerabilities, chances are you’ll become easy prey.

    Secure Your Admin Dashboard

    Access to information in the admin dashboard of your website is every hacker’s dream. Set usernames and passwords that cannot be easily guessed, greatly limit the number of login attempts within a specific time period, don’t send account details over email, and so on. Your admin panel is a treasure trove, so keep it secured at all times.

    Keep Your Network Secure

    An insecure network provides fairly easy access to your site servers. Take some precautionary measures such as frequently changing passwords, expiring logins after a certain period of inactivity, setting strong passwords, and scanning for malware on each and every device that connects to your network.

    Back-Up Everything

    Back-up everything, both on-site and off-site. Set up automatic backups several times a day, to various locations, so you don’t lose everything when the worst-case scenario happens.

    HTTPS encryption is great for security, SEO and credibility. You most likely were quite overjoyed when Automattic made the announcement that all custom domains would automatically switch to HTTPS encryption. But that does not mean you’re in the clear when it comes to site security.

    There is a whole lot more that needs to be done to keep any website safe from advanced, constantly evolving and persistent cyber threats. Some of the tips mentioned in this article will help to reinforce your site security and keep your mind at ease, so you can tackle the more fun business operations.