Why you need HTTPS certification for your website.
The “www.” of most web addresses is usually preceded by either http or https. HTTP stands for Hypertext Transfer Protocol, and is the foundation for communicating data over the internet. The ‘S’ in HTTPS stands for ‘secure’, and the purpose of this simple article is to explain why you need HTTPS certification for your website, even if your website doesn’t take payments.
In January 2017, Google Chrome was updated to version 56, with an increased emphasis on the importance of an HTTPS certificate for websites. Similar updates have also been introduced to Safari and Firefox with others expected to follow suit.
When you visit a website that has a secure certificate you’ll see a little padlock, sometimes green, usually followed by the word ‘Secure’ with ‘https’ in green too.
This has been the norm for some time but it’s now just as easy to tell if a website doesn’t have a secure certificate. Since January this year, Chrome and other browsers display an info ‘i’ or an exclamation mark in a warning triangle next to the web address which, when clicked, will present you with a message advising that your connection to the website you’re visiting isn’t secure:
Ecommerce sites are hit the hardest
If your website is e-commerce (one that takes payments), it’s highly likely the above will be affecting your sales already, even if the website uses a secure payment gateway from the likes of WorldPay, Sage or PayPal; the absence of a secure certificate will be enough to deter the consumer before they get as far as the checkout.
But trust extends beyond Ecommerce
If your website doesn’t take payments that’s not an excuse to ignore the issue… It’s easy to lose people’s trust on the internet, with cyber crime and hacking so frequently in the news, security of personal details is on everyone’s radar. A website that has a contact form but no HTTPS certificate cannot ensure the safe transfer of the data entered into the form from the visitor to the website administration; this data can get intercepted in the absence of an HTTPS certificate, known as a man-in the-middle attack.
The notion of authenticity and professionalism online is more pertinent than ever before.