The advantage that HTTPS based access has always provided is that while HTTP based access provides no security to users, HTTPS based site access provides encrypted connections to users with the site’s certificate being verified by a third party authority. Starting in 2014, Google has been using HTTPS as a ranking signal and for indexing SSL certificates. This means that websites that are only accessible via HTTPS are already getting a significant bump in the rankings, providing you with a good amount of free traffic from search.
In 2016, Google indicated its intention to mark HTTP pages with the same indicator as broken HTTPS. Google also announced the Security Panel, which is a new developer tool for Chrome that will help developers identify the issues which are preventing a site from being able to attain the green padlock, that represents a proper secure connection. SSL is used to encrypt the link between the server and your browser. While SSL used to be challenging in terms of implementation and was often expensive, several initiatives and the latest browser technology have greatly eased the process of getting a certificate.
Labelling for HTTP pages
In September 2016, Google made an announcement that starting in January 2017, Chrome would label HTTP pages with credit card form or password fields as being not secure, owing to their sensitive nature. Google has also clearly indicated that in subsequent releases, they would continue to extend the scope of HTTP warnings by attaching a label of “not secure” to HTTP pages when users are using Chrome in Incognito mode, where users typically have higher expectations in terms of privacy.
Google has clearly indicated that their eventual plan is to attach a label of non secure to all HTTP pages. They would also modify the HTTP security indicator in Chrome to the red triangle symbol used for broken HTTPS.
WordPress moving towards SSL
WordPress has made it clear that 2017 will be the year when WordPress is going to add features that will require hosts to ensure HTTPS availability. In 2017, WordPress will start promoting only those hosting partners which provide SSL certificates on their accounts by default. Post that, WordPress plans to start assessing which features including API authentication would gain the most benefit from SSL and enable them only when SSL is present.
How does HTTPS work?
HTTPS pages typically use either SSL or TLS. Both the protocols employ what is termed as a Public Key Infrastructure (PKI) system. A PKI is an asymmetric system that uses two keys, a public and a private key to encrypt communications. Any piece of data that is encrypted using a public key can be decrypted only with a private key. The private key should always be kept completely protected and accessible to the private key’s owner.
Advantages of HTTPS
There are specific advantages and disadvantages of implementing SSL encrypted HTTPS connections for your users. HTTPS is a secure implementation of HTTP. It is basically an implementation of HTTP over SSL, also called TLS. HTTP employs high strength public key cryptography in order to encrypt the connection between a server and a client, often a web browser. This type of high grade encryption ensures that only the server side and the client side program are aware of the data being passed between them.
The implementation of this type of encryption scheme requires the installation of an SSL certificate, which operates to verify the server identity through a certification authority. It is the SSL certificate that provides the keys used for encrypting and signing data. So long as the certificate’s private part remains private and there exist no other failures during implementation, HTTPS is guaranteed to remain highly secure and provide a grade of encryption that is virtually unbreakable.
The fact of the matter is most of the sites do not need extremely high levels of security and privacy. For example, if you are just going to create a basic website, then you don’t need such an intense level of security. However, the fact is that the internet has become ubiquitous for applications exchanging various types of sensitive data including credit card numbers, date of birth information and social security numbers. In this scenario, several leading organizations including Google have started emphasising HTTPS over current implementations based on HTTP.
These are some of the key advantages of HTTPS:
• Identity verification:
The prime advantage of a certificate is that it guarantees the information that a browser is receiving actually originates at the expected domain
• Data integrity:
HTTPS connections make it very difficult to pull off ‘man in the middle’ type of attacks by encrypting the data transmissions. This helps protect the integrity of the data.
• SEO:
Google has converted HTTPS connections to a ranking signal in line with its vision to drive users towards secure sites. What that means is that all else being equal, the site accessed via HTTPS is going to be ranked higher than one without.
• Trust:
The green padlock symbol is an indication that the website that is being visited is complete secure, which gives you more confidence to share your information with the website.
Disadvantages of HTTPS
HTTPS does have some significant disadvantages. These are some of them:
• Significant usage of server resources:
It is definitely true that HTTPS requires significant amount of memory and processing power for encryption. However, with servers of the current configuration, most of the inefficiencies in the OpenSSL library and other implementations have been completely resolved. With this background, the performance issues are not likely to affect your server if you implement SSL.
• Latencies:
SSL connections do take longer to setup including more roundtrips causing increased latency. Most of the time, this increased latency is nothing to worry about.
• Issues with browser caching:
There used to be issues with browser caching but, the now only modern browser that cannot properly handle caching HTTPS connections is Internet Explorer 6. If you have a requirement to support Internet Explorer 6 in a legacy type environment, then SSL is likely to cause problems.
• You will need to purchase an SSL certificate:
All you webmasters out there; 2017 is the year when Google’s love for HTTPS hits the next level; we advise you align your SEO tactics to this.
Thanks for sharing this… Mr.Stephen Channer. All resources are very useful for developers. Keep sharing!