What is website security? Why does my website say it’s not secure?

Let’s be honest, in this day of technology security is important. When you own a small business, your website is your virtual “shop window”. Website is a critical component of your marketing strategy and a vehicle for your brand. You don’t want anything on it to discourage potential clients. It can be concerning to be greeted with the warning “not secure” in the address bar whenever you browse the pages of your site.

What is website security? 

Firstly, we need to talk about hypertext transfer protocol (HTTP). Without getting too technical, HTTP is how servers talk to browsers, controlling the flow of data back and forth between the two. Unfortunately, HTTP is not secure, meaning that hackers can intercept the information being transferred. If you run an eCommerce site, using HTTP means that your customer’s personal contact details and credit card data are in danger of being stolen.

A few years ago, to help web users become more aware of their online security, most major browsers, such as Google, Edge, or Firefox, began flagging the HTTP status of websites. They did that in two ways – displaying either an unlocked padlock icon, or the words “not secure”, or both, to the left of the URL in the address bar.

Therefore, if your website is still using HTTP, your customers will be notified that it is not secure whenever they visit, making them more likely to leave straight away. Not only that, but using HTTP is also likely to hurt your search engine optimisation, and some browsers might even stop people from visiting your site completely.

How do you fix it? 

Is there a way to fix this? Thankfully, yes, and it’s called HTTPS – a more secure version of HTTP that uses an SSL certificate. The SSL encrypts all the data being exchanged between the server and the browser. In other words, it creates a secure connection for the data to travel through so that hackers can’t read it – only the server and the browser can unlock the information.

To use HTTPS, you’ll need to obtain an SSL certificate from a Certificate Authority and install it on your website. You can get basic SSL certificates for free from CAs like Let’s Encrypt or ZeroSSL. Alternatively, you can buy certificates that come with added features and technical support.

Once you’ve installed your SSL certificate, it’s a good idea to revisit any internal links on your site that point to the HTTP version of your URL and update them to HTTPS. Don’t forget to do it on your social media channels and email newsletters as well. It’s also advisable to create a 301 redirect to divert any inbound traffic using an old HTTP link to the HTTPS version. Next, you’ll want to let Google know that your site is secure. You can do this by updating your XML sitemap and submitting it to Google for re-indexing. You can also update your details in the Google Search Console.

If you get your website built and hosted by Moreweb, we’ll take care of obtaining your SSL certificate and making sure your customers feel safe when they’re browsing or buying from you. We can also install the SSL on your existing site if you are using our web hosting services. Contact us to find out more.

Leave a Reply