What is a ‘secure web?’
When we surf around the web, communicating our personal lives, conducting business and making livings, a vast majority of the data that we receive and send is unencrypted. That means that emails we send, forms we fill out, login credentials and browsing behavior is more often than not traveling through the web in plain text, for anybody to intercept and read.
We should all be aware of what ‘secure’ means and how to recognize it. When you visit a site and you see ‘https’ in front of the address (and no warnings), then you are accessing a secure site, for example:
When using HTTPS, your communication is encoded so that only you and the website you’re communicating with can read the contents of the messages you are sending back and forth. This is imperative to making sure that your credit card information, login credentials or personal emails aren’t scooped up by a malicious guy at the local coffee shop with free WiFi or even government agencies that hoover up data indiscriminately.
When we refer to a ‘secure web,’ we are talking about a World Wide Web that consists entirely of secure websites – and therefore offers a safe and private environment for people to go about their online lives. As people who build the web, we have a responsibility to our clients to encourage responsible and safe practices. Therefore, we are encouraging all new websites from here on to go ‘always HTTPS.’
For starters, Google announced back in 2014 that it was going to start giving a ranking boost to secure websites, so we’ve all known this has been coming for some time (this announcement was tied together with their HTTPS everywhere initiative). Unfortunately, up until recently, buying and installing SSLs has been expensive and difficult to manage, to say the least, but things are changing.
As of December 2015, Let’s Encrypt, a non-profit that promotes secure communication, started issuing free secure certificates (SSLs). This is huge. There are extensions and tutorials coming out all the time to help developers and hosting providers implement these certificates (such as the Plesk Extension that we use).
Installing and renewing certificates from Let’s Encrypt is something that IronGate has tested on new sites since the beginning of the year, and we are happy to say that the results have been positive. We will be able to start offering secure websites out of the box for reduced expense to our clients, and we can all feel a little bit better about doing our part to create a secure web.