Prior to 2017, Https was long endorsed by webmasters due to it’s inferred ranking benefits within Google.
However Google have now made it a necessity through, by forcing http websites to show as “not secure” within their Chrome browsers (other browsers quickly followed suit).
The general public is becoming more aware of cyber crime, and hacktivism is a growing term in mainstream media as more and more high profile figures and companies fall victim to hacked emails and data breaches.
Google at the end of the day relies on people using the search service to find results that answer their query – Google has a vested interest in ensuring that it isn’t sending users to a website that could potentially harm them.
While Https does not mean your website is secure, it goes a long way to protecting your users.
The Data Encryption Process
A Secure Socket Layer (SSL) certificate is a small data file that associates an organisation’s details with a cryptographic key. When installed on a web server, it enables an encrypted secure connection between the web server and the user’s browser.
The below is a breakdown of the standard process:
- A browser (or server) attempts connection to a website that is secured with an SSL. The browser (or server) then asks the website to identify itself.
- The website sends a copy of it’s SSL certificate.
- The browser (or server) verifies the validity of the SSL certificate, and if it does, it sends a message back to the website.
- The website sends back a digitally signed acknowledgement to begin an SSL encrypted session.
- Encrypted data is then shared between the browser (or server) and the website).