Secure WordPress: the path to encryption on the web

Running a secure WordPress instance under HTTPS is now an important optimisation for your website. It is a ranking signal that Google uses in its algorithm. Sites that run securely are getting a leg up in searching engine rankings. HTTPS is also mandatory to use the latest version of the HTTP protocol – HTTP/2. Here at The DMA we have been working hard on bringing a cost effective and quick implementation version of HTTPS to our managed WordPress hosting customers.

If you’ve read that first paragraph and you’re now thinking “what is all this techno mumbo jumbo” fear not. This blog post is written for WordPress website owners not tech geeks. I will explain!

What is HTTPS?

You might not know the acronym but you have surely seen it in action. Moreover you’ve probably learnt to look for it. In your web browser (Firefox, Chrome, Safari etc.. ) when you visit a website that is running under HTTPS, you’ll see a locked padlock display near the address. Each web browser looks a little different, below is how it looks on Safari.

When you visit your bank’s website, or your at the checkout in an online store you’ll see HTTPS in all of these places.

So, what is it. In short, it’s all about encryption. Traffic flows between the web server of the site your visiting and your computer’s web browser. Normally (i.e. HTTP – not there’s no S in there), this traffic is in plain text. Not secure in anyway. Anyone that has access to your internet traffic (for example your ISP) could (if they wanted to) see all of the content that is going back and forward.

If you’re in a cafe using a WIFI service your traffic is potentially available to other  users enjoying their coffee and morning snacks too.

HTTPS solves this by encrypting traffic that flows between the web server and your computer. While the actual data is still available to eavesdroppers, what they’ll see is encrypted gobldy-gook (yes that’s a technical term).

For many years now, it’s been best practise to use HTTPS for sites where there is any sensitive information at all. Think online banking, eCommerce stores or sites where users are expected to sign in with usernames and passwords.

Google is pushing for an encrypted web

As mentioned in the introduction of this article, Google has been using its weight to push the world wide web to a place where much, if not all of the traffic is encrypted. Back in 2013 Google announced that it would begin to encrypt all searches and results on its search engine. That had immediate effects on digital marketeers, no longer could we easily access statistics relating to keywords searches on websites. More recently Google stated that HTTPS is now a ranking signal. Meaning a website running under HTTPS will receive favour in the eyes of the Google search algorithm.

Watch one of Google’s keynotes here where they explain in detail (yes it goes for 45 minutes but that’s what the fast forward button is for, you can skim!) their thoughts behind HTTPS Everywhere.

Google Chrome’s 2017 update

Earlier this year, Google announced that from early 2017 its Google Chrome web browser would display websites not using HTTPS as insecure in certain situations. Below is a screen shot from that announcement where they show the difference in the address bar, the current version at the top and that which is coming soon.

The obvious effect of this is that visitors to your website will see the second message “Not secure” and make of that what they will.

What is HTTP/2 and how is it related?

This is surely turning into the acronym edition of The DMA blog. HTTP is the protocol (it’s the language two computers use!) that your website uses to transfer content to your users, in their web browser.

There has recently been an update to a new version that is dubbed HTTP/2. I’m not going to tire you with the technicalities of the update, you can see the FAQ here if you’d really like to read up on the geek stuff.

What you do need to know about HTTP/2 is that it’s faster than its predecessor. Your website is capable of loading faster when served from a hosting environment that supports HTTP/2. Here at The DMA we are now able to offer HTTP/2 to customers. You do need to also run under HTTPS so we’re offering both of these technologies together.

Secure WordPress – in summary…

• Setting up a secure WordPress site, using HTTPS with an SSL Certificate is a good idea
• It will aid your search engine rankings (although you still need to do other things like regularly publish new content on your site)
• If your site runs with HTTP/2 as well HTTPS there is a performance enhancement to be had
• If you’re a DMA managed WordPress hosting client we’ll be contacting you soon with information on upgrading your hosting environment to a secure WordPress install