Google has been leading the charge to create a safer internet; one where it is not easy for hackers to snoop your connection or steal passwords and personal messages, and one that helps ensure that the site you are visiting is authentic, and not a scamming imposter. To help make this happen, they have been encouraging all sites to use HTTPS. Well, their encouragement is getting, err…stronger.
What’s HTTPS anyway?
HTTPS is the secured version of HTTP, the underlying web protocol that defines how messages are formatted and transmitted and how browsers should respond to various commands. HTTPS is an encrypted, secure, version of HTTP. While data transmitted via HTTP is completely readable by anyone, HTTPS requires an SSL certificate and ensures that data is encrypted while is transmission. Sites that are fully secured by HTTPS will display the green lock icon in your address bar.
So, what’s Google doing?
Google is taking a number of steps to push site owners into switching to HTTPS. First, they are only allowing secure sites access to some important technologies:
- Geolocation (let’s your site find where you mobile visitors are)
- Device motion / orientation
- EME (allows playback of encrypted audio and video)
- getUserMedia
- AppCache (lets some web applications/functionality run even while offline)
- Notifications
Some of these limitations, like geolocation, have already been implemented and the rest are on the way. In time, only HTTPS sites will have access to Google’s best technologies.
Second, they plan on moving to a system where HTTP sites are specifically labeled “Non-secure.” You can bet that customers will begin to avoid sites these sites, especially when the browsers begin using some sort of scary looking warning icon in the address bar.
What should you do?
If your site isn’t protected with an SSL certificate right now, you should plan on transitioning to it this year. Adding an SSL certificate used to be pain-in-the-youknowwhat, but recent progress with organizations like Let’s Encrypt are making it a lot easier. Once your site has an SSL certificate installed, you’ll need to make sure that your FULL ancestor chain is also secure. In layman’s terms this means that all of the content your sites pulls into it—whether social media feeds, iFrames (forms, videos, reviews and more), and features provided by plugins and extensions—also must be served via HTTPS.
Implementing HTTPS on your site is often as easy, but can get complicated in some cases. Cinch is ready to help you make the transition so to review your site and create a plan for you, please contact support@cinchws.com
For Cinch Hosting Clients
If you happen to be one of our hosting clients, we have free SSL certificates available through Let’s Encrypt. If you’re ready to make the move, give us a shout and we’ll look at what it takes to get you moved over to HTTPS.
