You know that you must secure your website to protect it from cyberattacks and give your visitors' confidence.
But how to create an HTTPS website (a secure website)? How to be sure that your websites are well secure?
HTTPS, SSL, TSL, EV, DV, OV certificates… Maybe these acronyms about web security impress you.
It is normal and we understand you!
Let’s see what does an HTTPS website involve, what are its advantages and how to create a secure website.
HTTP stands for “Hypertext Transfer Protocol”.
Maybe this explanation isn’t clear, so let’s continue.
The whole information exchanges through this protocol may be intercepted.
That’s why HTTPS has been created. HTTPS is an HTTP extension that works with the SSL protocol (Secure Sockets Layer) to transfer data securely. The SSL protocol is for transferring data. The evolution of SSL is TLS (Transport Layer Security) which is a safer way to encode information.
A website is secure when the connection used to communicate with the server is encoded. As you will have understood, a secure website address starts by https:// (“s” stands for “secure”) contrary to a not secure website which starts by http://.
When you visit an HTTPS website, a padlock is shown to the left of the website address. In your browser and by clicking on it, the “secure” mention is shown.
What are the benefits of protecting your website?
A well-secure website not only enables you to protect yourself from some problems, but also it brings about some significant benefits. In other words, a secure website avoids unpleasant situations and brings about benefits. ;-) Lets’ go into detail.
You are certainly convinced that it is useful to secure your website.
Here is the checklist with all the benefits of a secure website:
Thanks to HTTPS / SSL protocols, a person who wants to hack one of the hardware used by the Internet (Wi-Fi connection, telephone line, optical fibre) can’t spy sensitive data on the Internet (such as passwords, credit cards…). The protocol is like an anti-hacker / anti-intrusion shield.
The website has a padlock-shaped mention on the address bar of the browser. On the contrary, if a website isn’t HTTPS, browsers send warning messages to users and this makes a “bad impression”. ;-)
Google SEO is enhanced: on the Internet, what makes us higher visible makes us stronger. Moreover, in 2018, Google considers all HTTP pages to be not secure immediately, and mentions them in its results pages. If your brand is important for you, you prefer avoiding this situation.
Your website is higher credible with your visitors: Internet users are even more careful, and they are right, as there are many online frauds. Doing your utmost to reassure your visitors is always a good idea.
The mobile version of your website is also secure: the whole security rules for desktops are also valid for mobile devices.
In all sincerity, if you begin in IT and decide to start by yourself, the job may be a bit difficult. However, your provider will be able to deal with the whole security process, depending on your solution to create or redesign your website.
SiteW registers and renews SSL certificate automatically.
Establishing an HTTPS secure connection indeed requires SSL certificate registration from a certifying body (Symantec, Comodo, Let’s Encrypt…).
If you start by yourself, here are the steps you need to follow to create an HTTPS website:
First, you need to make a certificate signing request on your server to collect the necessary data (public key certificate) to register the SSL certificate.
Then choose and buy the SSL certificate. You will find different types of certificates (see below) that will give you different web security levels. Providers implement variable prices, so compare the different offers attentively.
And then configure your web server. The steps will be different, depending on your software, so don’t hesitate to read the existing tutorials.
Create 301 redirects (permanent redirects) to redirect traffic from your HTTP pages to your new HTTPS pages, so that the securing doesn’t impact on your SEO negatively.
Then you will be able to check the compliance of your SSL configuration with some online tools such as https://www.ssllabs.com.
Remember to update your Google Webmaster Tools account with your new HTTPS web address.
And eventually, don’t forget to renew your SSL certificate.
Check all the links to your website to not generate 404 errors. To that end, you can use free software such as Broken Link Check to preserve your SEO.
Finally, check your external files and plugins compatibility (if you have used a CMS for your website creation, for example).
It is certain that there is work, but you can reach your goal if you proceed methodically.
Here are the different types of SSL certificates you will find on the market. Choose your certificate according to your needs:
This SSL certificate controls your domain name. It is the lowest security level. In this case, the certifying body just checks the domain name ownership. The DV certificate will suit you if you don’t ask your visitors private data and your website isn’t inclined to frauds such as pishing.
This certificate controls the organization. In this way, the company is controlled: for example, it is ensured that the company is registered at the Commercial Register. This certificate suits you if you transfer non-sensitive data.
This certificate enables you to widely control the company and offers you the highest security level. It is the most appropriate certificate to transfer sensitive data (payment information, for instance).
As explained above, if you want to optimize your SEO in the long term, securing your website is no longer optional today.
However, moving from HTTP to HTTPS may be delicate for your visibility on search engines. To succeed, pay attention to the following elements:
Create 301 redirects to show Google that you have HTTPS websites now.
Delete the old HTTP pages to not have the same contents.
According to the webmasters of the different top websites, if possible, edit all the internal links and backlinks (or they will be 301 redirects).
Update all your URLs on the different supports (leaflets, business cards…).
Fortunately, if these steps seem difficult for you, ask your service provider to deal with them.
However, the situation may be different, depending on your solution for website creation.
If you choose an online software (such as SiteW) to create your secure website, the steps will be easier.
A website builder manages everything totally:
The SSL certificate is automatically registered and renewed.
Redirects are made and search engines index the new addresses.
All compatibility problems are resolved: to have a secure website, all the used files indeed must be downloaded from a secure HTTPS connection. Thus, all the files must be changed into HTTPS or disabled.
In this way, you will have a secure website and the much-vaunted padlock without effort.
Web security is not a joke and everybody knows it. Securing your website is essential to succeed on the Internet. Once you have your secure website, it will be a success!
Last update: July 16, 2021