Website security is not just for online stores anymore, the truth is that all websites will benefit from being secured.
If you have a website, run an online store, E-commerce website you will obviously want to ensure customers that the information they give you on your website including sensitive information is handled securely.
To secure any Internet transmission, your website will need to use Hypertext Transfer Protocol with Secure Sockets Layer. SSL and HTTPS for short is a protocol to transfer encrypted data over the Web. When someone sends you data of any kind, sensitive other otherwise, HTTPS keeps that transmission secure.
There are two primary differences between an HTTPS and an HTTP connection:
• HTTPS connects on port 443, while HTTP is on port 80
• HTTPS encrypts the data sent and received with SSL, while HTTP sends all as plain text.
Most customers of online stores know that they should look for the HTTPS in the URL and to seek out the lock icon in their browser when they are making a transaction. If your storefront is not using HTTPS, you will lose customers, and you will also possibly open yourself and your company up to serious liability should your lack of security compromise someone's private data.
Google actually recommends this for all websites as a way to authenticate that the information on that site is secure and coming from that company and is not someone trying to spoof the site somehow. As such, Google is now rewarding sites that do use an SSL certificate. Which is yet another reason on top of improved Security to add this to your website.
As mentioned above, your Browser by way of HTTP protocol sends the data collected over the Internet in plain text. This means that if you have a page asking for a credit card numbers, that credit card number can be intercepted by anyone with a packet sniffer. There are many free sniffer software tools available and can be done by anyone with very little experience or training.
There are only a few things you need in order to host secure pages on your website:
• A Web Server such as Apache with mod_ssl that supports SSL encryption
• An SSL Certificate from an SSL certificate provider
• To use the HTTPS in front of your Domain exclusively.
If you are not sure about using HTTPS, you should contact your web hosting provider. They will be able to tell you if you can use HTTPS on your website. In some cases, if you are using a very low-cost hosting provider, you may need to switch hosting companies or upgrade the service in order to get the SSL protection you require.
If this is the case, make the change. The benefits of using SSL are worth the added trouble of an improved hosting environment.
Once that is set up, you can start building your Web pages. These pages can be built the same way that other pages are, you just need to make sure you link to HTTPS instead of HTTP if you are using any absolute link paths on your site to other pages.
If you already have a website that was built for HTTP and you have now changed to HTTPS, you should be all set as well. Just check the links to make sure any absolute paths are updated, including paths to image files or other external resources like CSS files, JS scripts or other documents.
Point all forms to the HTTPS URL. Whenever you link to Web forms on your website, get in the habit of linking to them with the full server URL, including the https:// designation. This will ensure that they are always secured.
Use relative paths to images on secured pages. If you use a full path such as (http://www...) for your images. And those images are not on the secure server. You will receive HTTPS Warning, or error messages saying Insecure data found. This can be disconcerting, and many people will stop the purchase process.
If you use relative paths, your images will load from the same secure server as the rest of the page.
Example of a Relative Path
Example of an absolute path
Great article and just what we needed, We will be using RSH Web with their free SSL certs!
Excellent post Thank you for sharing
Tweet Share Pin Tumble Email