Get Ready: Secure Your Websites With HTTPS

If you needed that extra push to switch your websites over to HTTPS, Google has once again stepped up to the plate. On approximately January 31st, the latest version of the Chrome web browser (version 56) will introduce a significant change in the way it displays non-HTTPS websites. Any website that is not configured to display pages over HTTPS will have a message appear in the address bar that says “Not Secure” on any page that collects login credentials or credit card information.
Non-Secure Login Example
This is the first step in a staged rollout to encourage website owners to discontinue serving pages over plain HTTP. The final stage will be that Chrome will label all non-HTTPS pages as “Not Secure.” If you have been on the fence about whether or not to serve your websites over HTTPS, now is the time to jump on board and help make the web a safer place for everyone.

So what should you do next if your websites are not using HTTPS?

First, you should consult your hosting provider’s official documentation to learn how to set up SSL in their environment. Whether your sites are hosted in a shared environment or VPS/dedicated solution with root access, setting up SSL is a relatively painless process. If you feel unsure, you should consult your system administrator or webmaster for assistance. 25Penn Marketing can also assist you in setting up SSL for your websites.

Contact us today for a free consultation.

Many hosting providers offer a free and easy solution for setting up SSL utilizing Let’s Encrypt. Some of which offer a simple one-click installation method via cPanel for installing Let’s Encrypt certificates. Let’s Encrypt is a free, automated, and open certificate authority provided by the Internet Security Research Group (ISRG).
Let's Encrypt
Once your website has been configured to display content over HTTPS, you may want to consider implementing HSTS (HTTP Strict Transport Security), which is an opt-in security enhancement specified through the use of a special response header. What this does is prevents all incoming/outgoing requests from being sent over HTTP and instead communicates exclusively over HTTPS. We will go into greater detail in a future blog post and discuss the steps you should take to implement HSTS, and how to submit your site to the HSTS preload list. Stay tuned!

UPDATE: The latest version of the Firefox web browser (version 51), released January 24, 2017, will now display a warning when a login page does not have a secure connection.