Displaying items by tag: secure websites
If you think you don't need HTTPS/SSL security on your site, then you may need to re-evaluate this opinion as things are changing.
Back in August 2014 we published an article called SSL for SEO. This related to the announcement that Google had made at the time informing webmasters that HTTPS/SSL security was now a ranking factor in search engine positioning. So what's changed since then? At first not much......but stats now demonstrate that having SSL security in place is getting very important.
Let's first look back to July 2014 prior to Google's announcement! This chart shows that only 7% of the results delivered on the first page of Google were sites with SSL encryption.
Fast forward two years.....and now the chart shows that the percentage of sites with SSL on the first page of Google is 35%.
At the current rate of increase we're going to hit 50% earlier next year. And industry analysts consider that 50% could well be the balance point where Google really turn up the algorithmic volume on SSL. In the initial stages they couldn't downgrade sites for not having SSL because it would diminish the quality of their search results. But now the bigger players like Wikipedia, Amazon, Facebook, YouTube, eBay, Twitter etc are all on board with SSL.....things are likely to change.
So what is SSL? Basically it's a a 2048bit data encryption method, and these days it comes with multiple benefits:
1. 2048 bit encrypted connection between the user and the site giving a higher level of security for data transmission.
2. An SSL certificate also provides authentication. This means that users can be sure that they are sending information to YOU, and not to a criminal’s server.
3. Protection from Phishing, where a criminal tries to impersonate you or your website.
4. Dedicated IP address that gives you protection from any IP blacklisting of your site and e-mail caused by other users on the shared server IP address.
5. Enhanced professionalism giving clients confidence in doing business with you.
6. Trust! Browsers give visual cues, such as the lock icon in the address bar, which tells visitors that their connection is secure.
7. SSL is a criteria for search engine ranking, so potentially higher placement in searches.
If those benefits are not important to you, then there is no need for you to consider SSL. However, if that's the case, I would advise you not to make statements in your terms and conditions like "We take your security and data protection seriously".....because in reality you don't. So probably best if you omit that part because you're leaving yourself wide open.
To summarise, HTTPS/SSL encryption delivers numerous benefits to both site users and site owners alike, and it's importance is going to continue to rise.
At some point it may well be that those websites without HTTPS/SSL will be viewed as inactive or dormant businesses. Or even worse, as some analysts have suggested, Google may show a message to users warning them that it's an insecure site, or actually force HTTPS through the browser. If that happens, it could have catastrophic effects on businesses without SSL security.
We've used HTTPS/SSL on our site for almost 10 years now.....simply because it was the professional way to do things. For those of you considering making the switch now, there's many more incentives to do so as I've indicated above. Because you never know, in the future it could come down to Google viewing unsecured sites as.....NOT ENCRYPTED? Then you're NOT RELEVANT!
Published in Web Design News
Security is the most important aspect of any internet based application. Bar none! Just because you haven't experienced bad things.....bad things do happen, and it's getting worse. Every day we battle with various attempted security breaches at both server and site level. If they're particularly serious then we let clients know.
It doesn't help that despite numerous security advisories, some clients knowingly continue to run obsolete and insecure software. Unfortunately there's only so much we can do in these situations because vulnerabilities actually exist......so it's only a matter of time before somebody exploits them. That's an absolute fact.
If you're on current software (which 99% of our clients are) then the risk is greatly reduced. It doesn't mean you're impervious to intrusion by any means, but the odds in your favour are a lot better. But what do you do if somebody wants you taken out of commission for either business or personal reasons?
Now this is where it gets interesting......because recently, two sites have gone through a period of sustained and premeditated hacking attempts. And one of them was ours! Yes.....I'm talking about this site!
In our case, somebody (for whatever reason) bombarded the site with intrusion attempts. And despite everything being locked down tight, they got in. We were onto it virtually instantly and dealt with it, but the results could have been catastrophic.
So it was at that point we had to rethink our options. We immediately put in a commercial website firewall application along with a number of other security related initiatives......which for obvious reasons we can't elaborate on. Since then all has been well, but we're expecting a repeat at any time, and no doubt this will be at an even higher level of expertise.
The second incident occurred very recently......and it was directed at one of our lady clients. Somebody who's been with us for many years and has a very successful business. Her attacks were perpetrated over a longer period and at a much higher volume than ours. It sent her bandwidth usage through the roof resulting in her site going offline for a short period.
We then set up the same security system as we'd done on ours, but we even had to take the unprecedented step of blocking transmissions from a number of countries. Yes.....it was that bad. I'm pleased to report that since then everything is back to normal.....however, as in the case of our site, we're monitoring any traffic to her site very carefully.
So why were we, and our client, attacked in this manner?
The common denominator is we've both been in our respective business sectors for nearly 20 years and are very well established. It could well be the case that we're the dominant entities in our markets......and if either of us were taken out of commission then others could potentially stand to gain from it. Neither of us have any problems with any person (client or otherwise) past or present, and neither of us have any bad business relationships with competitors or associates. So there's absolutely nothing conclusive to go on.
The fact remains that two of us with current and secure software were taken out of commission in a clinical, systematic, and sustained manner. This was no script kiddy or opportunist behind it.....this was a pro who no doubt was being paid to get the desired result. Disruption was minimal in both cases as we were on it fast......but it just goes to show that even when even when all your web applications are up to date, a pro can still get to you. If you're running obsolete software then the result will not be a short disruption, it'll be a trainwreck......but that's your choice.
The cold, hard truth is that even if all applications are up to date and all normal security processes are in place, you're still vulnerable. Not vulnerable in relation to the amateur hackers (like obsolete sites are), but you are most definitely vulnerable to the pros. And it doesn't cost much for somebody to hire a pro to do this sort of job! Both my client and I are fairly sure this is what happened in our cases......and we may not be in the clear yet, as only time will tell.
My feeling on this whole business is that now I would never run a site of mine without having the commercial firewall (and other initiatives) in place. Our property was violated....the site felt "dirty" afterwards so we replaced it entirely. If you've ever had a car stolen and returned then it's the same feeling, and I don't want to be in that position again. Should any clients want to have the same level of protection put in place to secure their site, and the way things are these days I would certainly consider it, just contact us at
Published in Web Design News