Google notified website owners of this important change via Google Search Console and through a series of e-mails to webmasters. Many businesses were scrambling to get their websites converted to HTTPS – a development task that could take many hours, depending on the size of the website being converted.

Back Up. What is HTTPS Again?

In technical terms, HTTPS (HTTP over SSL) is the use of Secure Socket Layer (SSL) as a sublayer under regular HTTP application layering.

In other words, HTTPS is a secure connection between a website and your computer. Information passed between your computer and a website running under HTTPS is encrypted before it is sent, and information coming from the website to your computer is encrypted as well. On a HTTP connection, information is not encrypted.

This is important, because if the connection between your computer and a website is interrupted, or somehow picked up by a third party, sensitive information could be viewed by the person or software application looking in. Putting your name, e-mail address, phone number, credit card numbers, password, and other information into a non-HTTPS website could, potentially, put you at risk for identity theft.

IP With Ease has a few graphics that make the distinction more clear:

Google’s Deadline: “October”

Google wasn’t incredibly clear when the “HTTPS doomsday” would hit, but they did reference a few different dates for HTTP treatment. This isn’t new news – Google has been telling business owners since September of 2016 that this change was inevitable.

Now that October is here, the staff at Iceberg Web Design has been monitoring non-HTTPS web pages to see if we can highlight the changes. Surprisingly, Firefox seems to be ahead of Chrome with their non-secure warnings!

Current Behavior: Google Chrome

Published on October 9, 2017 – current/most recent Google Chrome version on macOS Sierra is 61.0.3163.100

When visiting a website running under http:// with a contact form, the Google Chrome browser’s address bar prominently displays “Not Secure”. This is the same behavior that Chrome was exhibiting in September.

We anticipate this warning will change in the coming weeks, as Google indicated this on their blog post from September 2016:

Current Behavior: FireFox

Published on October 9, 2017 – current/most recent Firefox version on macOS Sierra is 56.0

Interestingly, FireFox has actually taken a firmer approach to HTTPS than Chrome has. When visiting a website running under http:// with a contact form, Firefox’s browser address looks like this:

A little bit more noticeable than Chrome’s warning, we think. Firefox takes this one step farther: when entering a password into a password form on a non-HTTPS website, there is an AJAX pop-up warning the website visitor that their connection is not secure. Here is a visual of what that looks like:

Current Behavior: Safari

As far as we can tell, there are no indications on Safari that a website running under HTTP is not secure.

Now What?

It seems the Internet is still slowly catching on to Google’s requirement. Most well-known brands moved their websites to HTTPS early in 2017, if not even before (Facebook moved to HTTPS way back in 2013). But not all large websites have made the switch – IMDb, for example, is still just running under HTTP. We speculate that the reason they haven’t yet made the switch is because they have such a massive website, pulling in a lot of ads and media files. For a website to function entirely under HTTPS, all embedded media must, in turn, be hosted under HTTPS.

Questions About HTTPS?

Some of this is pretty technical. We’re happy to answer any questions you have – just drop us a line to support @ icebergwebdesign.com, or give us a call at 763-350-8762.

The post Update On Chrome’s HTTPS Requirement: Firefox Takes The Lead! appeared first on Iceberg Web Design.

Beginning in October, the Chrome browser will display a “NOT SECURE” warning when users enter text into a form field on a website using HTTP. This means any website with a simple contact form will be labeled insecure. This is part of Google’s long term plan to communicate the connection security of websites.

As users become more and more aware of these types of notices (most browsers already display a green lock for HTTPS sites) and browsers throw more and more warnings, the benefits of switching to HTTPS begin to easily outweigh the costs. HTTPS is very quickly becoming essential for your website.

How do I migrate my website to HTTPS?

1. Obtain an SSL certificate. At Iceberg we offer a shared SSL certificate free to all current hosting customers.
2. Update all internal links that link to other pages within your website.
3. Put 301 redirects in place as necessary.
4. Ensure any embedded content is also using HTTPS.

As always, we are happy to answer any questions you have. Give us a call at 763-350-8762.

The post Say Yes to HTTPS appeared first on Iceberg Web Design.

Let’s start with the basic technology. HTTP (Hyper Text Transfer Protocol) refers to the protocol used to transfer information back and forth from your web browser to the server where the website, and all of it’s associated files, lives. A normal visit to a website includes hundreds of transmissions back and forth as you click links to request pages and your browser receives the information requested and arranges it on your screen. For a website using HTTP, your browser really doesn’t care how the information gets transferred back and forth.

In contrast, HTTPS implements an additional, secure protocol called SSL to transfer information back and forth (hence the “S” on the end). All the data transferred is encrypted with a security code uniquely established between your browser and the web server, so no other parties can intercept and access the information. An SSL certificate is implemented by the web host and validates the identity of the website.

If your website is transferring sensitive information, such as credit card numbers for online purchases or personal information for banking or medical purposes, then you clearly need to have a valid SSL certificate and ensure all traffic uses HTTPS. But what about small business websites? Does it make sense to just encrypt everything all the time? Here are a few factors to consider if you are thinking of making the move to HTTPS.

1. The cost of the SSL certificate

Depending where your website is hosted, there may be an annual cost for an SSL certificate, and it could be in the form of a dedicated certificate and IP address, or a shared SSL certificate in a shared hosting environment. At Iceberg Web Design, most of our custom web development projects come with a free shared SSL certificate. Many existing Iceberg customers can add on an SSL certificate to their hosting plan at no additional charge.

2. Time required for updating internal links

Your website likely contains many links that lead to other pages within your website. Any links that contain the full url of your site will need to be updated to the https:// url. Depending on the size of your website and number of links, it may take up to several hours of development time to fully check the site, update the links, and add any necessary re-directs.

3. Embedded content

If you restrict your website to a secure protocol, that protocol also requires any embedded content in your website to also be served over a secure connection. For example, if you have a page on your website that uses an iframe to pull in content from an external source, that source also needs to use the HTTPS protocol.

4. Security

A commonly held misconception is that HTTPS will improve the overall security of your website. While HTTPS transmits data more securely between a web browser and web server, it does not provide protection against brute force attacks against your database. A better way to protect your website from hackers is to use complex passwords that change frequently, lock-down login if multiple frequent login attempts are detected, and if necessary, providing an additional layer of protection with htaccess passwords.

5. Google Rankings

With Google including site encryption as a ranking signal in its ever evolving algorithm, many companies are anxious to make the switch in order to boost their SEO ranking. It should be worth noting, however, that this is a very small component of the Google’s ranking system, and companies who do not have HTTPS will likely see no negative impact on their rankings over this one issue alone. Frequent updates to content, utilizing social media and having accurate business listings, as well as off-site SEO efforts, are far more important in seeing improved ranking results.

Just like anything other business decision, you will need to decide for yourself whether the benefit will outweigh the time and cost required to switch to HTTPS. Contact Iceberg with any questions you have about switching your website to HTTPS. We’re always happy to help!

The post The Nitty Gritty on HTTP vs HTTPS appeared first on Iceberg Web Design.