Is Your Website Secure? How to Test for HTTPS & Implement SSL
The small “padlock” icon in the address bar of your web browser signifies that the website you’re viewing is secure. Websites that are secured always start with “https://”, not “http://”.
What Is the Difference Between HTTP and HTTPS?
HTTP stands for HyperText Transfer Protocol. HTTP is the way data is moved around the web. When you type in http://, it tells the browser you’re looking for a web address.
HTTPS stands for HyperText Transfer Protocol Secure. HTTPS is also a way that data is moved around the web, but it has an added data protection layer that makes it a more secure method. HTTPS protects data by encrypting it (before the data is sent or received) by using an SSL (Secure Sockets Layer) Certificate.
How to Change from HTTP to HTTPS: SSL Certificate
Switching to HTTPS requires an SSL Certificate that creates a secure link between your website and your visitors’ browsers. The SSL makes sure all data passed between the two remains private and secure by encrypting the data. SSL encryption stops hackers from stealing private information such as logins, email addresses, names, street addresses, and credit card numbers.
Can I Install an SSL Certificate, or Do I Need to Have Someone Do It for Me?
The exact steps of how to make a website SSL will depend on your hosting provider. The simplified steps of how to install SSL are:
- Generate a Certificate Signing Request (CSR)
- Purchase an SSL Certificate (see shared certificates below)
- Download your SSL Certificate file
- Install the SSL Certificate file on your website server
- Set up your site’s 301 redirects
If you have the technical expertise to work on your website and site server and know how to convert http to https, you can install SSL yourself. If not, it’s recommended you have someone else who understands SSL do it for you.
Do I Need to Buy an SSL Certificate?
Many hosting providers include a shared SSL certificate you can use rather than purchasing your own. It’s a good solution as long as the shared SSL certificate doesn’t give any errors on your site. A shared SSL certificate may not include your organization or website name and may display a warning, so it provides less assurance to visitors.
How Do I Set Up 301 Redirects?
By setting up 301 redirects from HTTP to HTTPS, you’re ensuring that search engines are alerted that your website addresses have changed. Anyone who has bookmarked a web page on your site is then automatically redirected to the “https” address after you’ve converted to HTTPS.
How Do I Test for Errors?
You can test for errors by making sure you have no “http:” on your website.
- Visit your site in a browser.
- Right click an element; choose Inspect Element.
- From the Console, look for incorrect HTTP linked files.
- Pull up the source code for a web page.
- Search for the term “http:”
- Will Users Know My Site Is Secure?
Once you have SSL installed and tested, users will know your site is secure by two simple and obvious signs:
- The web address in their browser starts with “https://”
- Your visitors will see a closed padlock in their web browser. A simple click on the padlock displays a message with your company name and that your website is a secure connection.
Do I Have to Switch to HTTPS?
It’s recommended that you switch to HTTPS if you want to keep people on your site and not scare them away. Browsers can display a “not secure” warning if you have an “http://” site address. Your visitors can also possibly be blocked from visiting your site due to the vulnerabilities it can have without an SSL Certificate.
Interested in learning more about SSL certificate contact our specialists at docero today and receive a free evaluation of your practice's digital presence.