Why Encrypting Your Website Is Now Something You Need to Do
November 14, 2016
Look up at the address bar in your browser. Notice how at the very beginning, before the “https://learning.linkedin.com/blog” part, there is a small padlock?
That means the connection between your browser and the server this article lives on is secure and encrypted. In the near future, it will also mean your connection is significantly faster than it was before.
As we roll into 2017, that “S” at the end of your “HTTP” – long considered an expensive feature for sites accepting credit cards – will become one of the most important features of your website.
What is web encryption and HTTPS?
When you use your browser to visit a site on the web, you use the Hypertext Transfer Protocol (HTTP) to transfer data back and forth between your device and a server on the web. HTTP is unencrypted and open, meaning data is transferred back-and-forth in plain text, and anyone “listening in” would be able to hear what’s being transferred.
Think of it as having a conversation in a crowded food court at a mall. Anything you say can be heard by other people, but they are most likely ignoring you. This is fine as long as you’re talking about the weather or what type of beverage you prefer, but if you were talking about personal finances, proprietary company information or making a purchase with your credit card, you would want a certain level of privacy so others couldn’t listen in.
That’s where web encryption through HTTPS comes in. The “S” at the end of the “HTTP” means the connection is secured through either TLS or SSL, effectively making it impossible for eavesdroppers to figure out what you’re saying or to inject themselves between you and your conversation partner. You and your conversation partner use a secret code to encrypt your communications, and only the two of you have the key.
Historically, HTTPS has only been used by sites that required a high level of security, for credit card processing or transfer of sensitive data. That made getting an HTTPS certificate an expensive and complex process.
Those days are over. Today, HTTPS certificates are available for free through many services like Let’s Encrypt, and their setup is usually a one-click process in your hosting admin panel.
HTTPS is about to make the web a lot faster
With all this talk of security, it may surprise you to know that encrypting your site will make it a lot faster.
Let me explain: The protocol used to transfer data over the web, called the HTTP Protocol, is in the midst of a major version upgrade. And as the new version HTTP/2 comes online, encrypted connections will receive a significant performance boost.
In the previous protocol, your web browser could only request one file at a time from the server. And since most websites comprise a long list of files, getting all of them into the browser would take a long time.
To get around this problem, modern web browsers started cheating, opening up to six parallel connections to the server to pull the files down. And while that worked better than having just one connection, it also caused problems like overlap and head-of-line blocking.
HTTP/2 changes all this. Under the new protocol, a single connection can do what’s known as “multiplexing”, effectively making numerous requests and transferring numerous files at the same time. The end result of this (plus a virtual cornucopia of other performance enhancements) is a significantly faster and more efficient web.
“Okay, but what does HTTP/2 have to do with HTTPS and encryption”, you ask? The answer – everything!
For a connection to use the HTTP/2 protocol, three requirements must be met:
The server must support HTTP/2.
The browser must support HTTP/2.
The connection must be encrypted through HTTPS.
If any of these three are not met, the connection automatically falls back to the previous protocol.
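The negotiation and fallback described above, as an added example that is not part of the original article. It assumes the standard mechanism, the TLS ALPN extension (RFC 7301) with the identifiers `h2` and `http/1.1`, which the article does not name; the function names are illustrative.

```python
import socket
import ssl
import struct

ALPN_EXT_TYPE = 16  # TLS extension number for ALPN (RFC 7301)


def encode_alpn(protocols):
    """Build the ALPN extension a client puts in its TLS ClientHello."""
    names = b"".join(bytes([len(p)]) + p for p in protocols)
    body = struct.pack("!H", len(names)) + names
    return struct.pack("!HH", ALPN_EXT_TYPE, len(body)) + body


def decode_alpn(ext):
    """Parse an ALPN extension back into its list of protocol names."""
    ext_type, ext_len = struct.unpack_from("!HH", ext, 0)
    if ext_type != ALPN_EXT_TYPE or ext_len != len(ext) - 4:
        raise ValueError("not a well-formed ALPN extension")
    (list_len,) = struct.unpack_from("!H", ext, 4)
    if list_len != ext_len - 2:
        raise ValueError("protocol list length mismatch")
    names, pos = [], 6
    while pos < len(ext):
        n = ext[pos]
        if n == 0 or pos + 1 + n > len(ext):
            raise ValueError("bad protocol name length")
        names.append(ext[pos + 1:pos + 1 + n])
        pos += 1 + n
    return names


def server_select(server_prefs, client_ext):
    """Server picks its first preference the client offered; None means HTTP/1.1."""
    # No extension at all models a plain-HTTP connection: no TLS, so no ALPN.
    offered = decode_alpn(client_ext) if client_ext else []
    return next((p for p in server_prefs if p in offered), None)


def probe(host, port=443, timeout=5.0):
    """Live check (needs network): which protocol does a real server select?"""
    ctx = ssl.create_default_context()
    ctx.set_alpn_protocols(["h2", "http/1.1"])
    with socket.create_connection((host, port), timeout=timeout) as raw:
        with ctx.wrap_socket(raw, server_hostname=host) as tls:
            return tls.selected_alpn_protocol() or "http/1.1"
```

Calling `probe()` against your own host after enabling HTTPS shows whether the server actually selects `h2` or still falls back.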
Here comes the good news. The first two requirements are being dealt with already: Hosting companies all over the world are already upgrading their infrastructure to support HTTP/2. And HTTP/2 support is already available in all modern browsers.
That means the only thing you need to do to take advantage of this new protocol is encrypt your website.
Starting in 2017, encryption is essential for SEO
If speeding up your website isn’t enough of an incentive, consider this: Starting in January, Google Chrome will flag unencrypted websites with a login form or credit card processing as “Not Secure” right in the browser, and other browsers are sure to follow suit. Just as importantly, all the way back in 2014 Google announced they would start weighting search results based on encryption, giving encrypted sites preference over unencrypted ones.
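One way to find the pages this warning would hit before your visitors do, as an added example that is not from the original article and is not Chrome's actual logic. The field heuristics (`type="password"`, `autocomplete` tokens starting with `cc-`) and the extra check for forms that submit to a plain-HTTP address are assumptions, and the sample page is constructed.

```python
from html.parser import HTMLParser
from urllib.parse import urljoin, urlsplit


class SensitiveFieldFinder(HTMLParser):
    """Collects password and credit-card inputs, tracking the enclosing form."""

    def __init__(self, page_url):
        super().__init__()
        self.page_url = page_url
        self.form_target = page_url      # where the current form submits
        self.findings = []               # (kind, field name, submit URL)

    def handle_starttag(self, tag, attrs):
        a = {k: (v or "") for k, v in attrs}
        if tag == "form":
            # An empty or missing action submits back to the page itself.
            self.form_target = urljoin(self.page_url, a.get("action", ""))
        elif tag == "input":
            tokens = a.get("autocomplete", "").lower().split()
            if a.get("type", "").lower() == "password":
                kind = "password"
            elif any(t.startswith("cc-") for t in tokens):
                kind = "credit-card"
            else:
                return
            self.findings.append((kind, a.get("name", ""), self.form_target))

    def handle_endtag(self, tag):
        if tag == "form":
            self.form_target = self.page_url


def audit(page_url, html):
    """Return findings whose page or submit target is plain HTTP."""
    finder = SensitiveFieldFinder(page_url)
    finder.feed(html)
    page_plain = urlsplit(page_url).scheme == "http"
    return [f for f in finder.findings
            if page_plain or urlsplit(f[2]).scheme == "http"]


# Constructed sample page, not taken from any real site.
SAMPLE = """
<form action="/login"><input name="user"><input type="password" name="pw"></form>
<form action="http://pay.example.test/charge">
  <input name="card" autocomplete="cc-number"></form>
"""
```

Run over the same markup, `audit("http://shop.example.test/account", SAMPLE)` reports both fields, while the `https://` version of the page reports only the card field that still posts to an `http://` address.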
So, between increased security, boosted performance, better search rankings, getting your site flagged as “Secure” in the browser and the fact that SSL/TLS certificates are now offered for free by many providers, there really is no reason to drag your heels on encryption.
Like they say in the infomercials: Avoid disappointment and future regret. Act now!
*Image by Akobets, Wikipedia Commons