Everyone knows the importance of online security. However well we protect ourselves, cyber crime remains a constant threat, and as is so often the case, it is necessary to keep improving to stay one step ahead of the criminals.
At the beginning of 2017, Google’s Chrome browser started toflag non-HTTPS sites as non-secure, and Firefox was quick to announce similar plans. This has led to concerns for many owners of sites hosted by WordPress as to what it means to them and how they can be confident that their site is adequately secure and optimized to bring the best in terms of conversions and return on investment.
HTTP or HTTPS?
You are probably well aware that there is little difference between HTTP and HTTPS protocols except for the fact that the latter is more secure. HTTP transactions between a visitor’s machine and your site could, in theory, be observed by other third parties. HTTPS uses an additional level of encryption to prevent this from happening.
Historically, there was the general opinion that HTTPS is essential if you are processing sensitive information, such as personal data, contact details, payment transactions and so on. But if you are running a simple blog, or a site that supports your bricks and mortar business but does not engage in ecommerce, you might argue that this additional encryption is not needed and HTTP is just fine.
However, Google’s decision has become a game changer. Open up Chrome and take a look at the navigation bar. On a secure site, you will see a reassuring green padlock with the word “secure” alongside it. For HTTP sites, Google flashes up “red for danger” warnings, telling you the site is not secure.
Is your site secure?
The implications of a non-HTTPS site on SEO and conversion rates go without saying. Clearly, if your site flashes red for danger instead of green for secure, you are going to get fewer people hanging around, even if you are only publishing news content – cautious visitors will sense danger and leave.
To enable HTTPS, you need an SSL Certificate, which allows your site to communicate with any visitor with the extra level of encryption in place. It also provides that green seal of approval, telling the world that your site is safe.
The good news is that any WordPress site should migrate to HTTPS automatically, However, it is important to double check, particularly with more established sites, and to contact WordPress support if your site is flagged as non-secure.