class="post-template-default single single-post postid-1296 single-format-standard"
23
Jul

HTTPS: Not as Secure as You Think

All about HTTPS and HTTP

Last year Google announced that switching to HTTPS will positively impact your organic rankings. This caused a flurry of people switching over, or wanting to switch to, the securer HTTPS rather than plain old HTTP.

The first point is that the boost to your organic rankings will not be significant and will be far less impactful than hosting quality content and strong click through rates. That’s not to say switching is a waste of time, as there are benefits to HTTPS, however it is often overrated in terms of reinforcing your site’s security.

What is HTTPS?

Hyper Text Transfer Protocol Secure is the security-focused alternative protocol to standard HTTP.

HTTP that won’t resist any unwanted siphoning of the data, however HTTPS will prevent unsophisticated attempts to intercept data, which is understandably important when transmitting credit card details and passwords, etc.

This is great until the attackers decide to hack the site itself, rather than attempting to intercept the data in transit. HTTPS will not block DDOSing or any other types of attack.

Controversies surrounding HTTPS

Aside from the tiny organic ranking boost that it will give in the future, and the reinforcing your data pipeline, HTPPS does carry more benefits though with an equal number of cons.

SSL certificates

You will be familiar with the green padlock that appears next to the URL once you’ve logged into many sites:

The difference between http and https

An SSL certificate confirms the validity of a website rather than a clone that can be used to steal sensitive data. However, fake sites can also fake SSL certificates. A glance at the top part of the certificate confirms that this is indeed the real Amazon, as confirmed by the signature.

Securing the Pipeline

As mentioned earlier, HTTPS does reinforce the client-server data pipeline, however it has little effect if the hacker has gained control of the whole network. All that will happen is that the malicious data will be delivered through the secure pipeline and fool people into thinking the interaction is safe.

Encryption

We know already that HTTPS keeps data secure in transit, but what about when it reaches its destination? Sadly it does nothing to protect server-side data. Even large organisations with enormous caches of sensitive data fail to grasp that their stored data is unencrypted even with HTTPS.

So what now?

We’ve reviewed the pros and cons of HTTPS and none of the cons are really that bad as long as you have some grasp of the protocol. If your site is handling sensitive data then you should drop what you’re doing and install HTTPS right away. If not, it’s something to consider for the future as it won’t do any harm but it won’t be super beneficial

The following two tabs change content below.

Jonny Holmes

When it comes to PPC, SEO and CRO, Jonny's skill and attention to detail make for consistently great insights. His work makes a measurable contribution to the business

Latest posts by Jonny Holmes (see all)