Safari's version of the NOT SECURE warning.

Would you trust a website with NOT SECURE warnings?

Moving from HTTP to HTTPS - The end of an era

HTTP - first introduced in 1991 - has been the main protocol for delivering websites since the inception of the world wide web. Now, it's time for a change.

Google and others have been pushing website operators to move to the encrypted HTTPS protocol for years, and since 2018, browsers including Firefox, Google Chrome and Safari are displaying a NOT SECURE warning if a website is loaded via HTTP without encryption.

"Not Secure" warning now shown in Google Chrome for non-HTTPS sites

What is HTTPS?

HTTPS is a secure version of HTTP. Instead of sending the website and your information such as login or credit card details as plain text, HTTPS encrypts the data before sending it to assure that only the intended receiver (either your browser or the web server) can read it.

What does it mean for my website?

If your website is using HTTP, an attacker on a public network (e.g. a café wifi) can intercept and read any information sent by your visitors to your web server. While most people are aware that they shouldn't send private information to insecure websites, even the stolen login details for a seemingly unimportant site can enable an attacker to take over other critical accounts if the victim used similar passwords.

How do I protect my site?

To protect your site visitors, you need an SSL certificate. This certificate will allow your web host to enable HTTPS for your website in order to secure your visitor's information.

SSL certificate options

There are many options available for certificates, with prices ranging from 0 dollars to several hundred per year. Since 2016, Let's Encrypt provides free SSL certificates to website owners - the only downside being that the certificates have to be renewed every 3 months. As a consequence, more and more web hosting providers are offering this service for a few dollars or even for free.

Cloudflare: A free option for HTTPS and more

A popular option for receiving a free SSL certificate along with additional protection for your website against attackers is Cloudflare. The free plan includes a free SSL certificate that renews automatically, so you don't need to worry about anything after the initial setup. However, you need to be confident in changing DNS settings to make these initial changes and have access to your registrar login details. As a wrong configuration of your website can make the entire site inaccessible when activating Cloudflare's SSL option, you should definitely create a backup before making any changes. Your webmaster might be able to assist if needed.

HTTPS and WordPress?

Geekho is offering it's WordPress Performance and Security Package to give the less tech-savvy website owners a stress-free option for moving their WordPress website to HTTPS. Besides securing the site, the package also includes a number of tweaks to improve your site's loading speed, which can greatly help keep your website visitors happy and improve sales conversion.

In summary

While it is not mandatory yet, we highly recommend that you secure your website by moving to HTTPS now to get better ranking in search results (SEO), give peace of mind to your visitors and increase your sales and user experience.

About Geekho

Geekho (Cambodia) is a boutique design agency located in Siem Reap, Cambodia, with a team of seasoned experts in marketing automation, web performance and custom development.

With the WordPress Performance and Security Package, Geekho is offering a comprehensive optimization service for SMEs to improve conversion rates and customer satisfaction.

This article is part of Geekho's series of articles on website optimization. Read more about website performance.