That Annoying Extra ‘s’ and Why Is It There?
What is the difference between http and https?
Many of you have noticed that domain names need something like http:// or https:// before them in order to find their way to a website. Or you might have missed that because these days, you can get to a webpage without typing all that extra stuff. In fact, you don’t even have to type www any more. You can open your browser right now and type something simple like goodwincreative.ca and it will take you straight to a website with no intervening nonsense.
”But wait”, you say. “Sometimes when I type a web address or click on a link I'm taken to a warning page. What is that about?”
Yes, this can happen and to understand what is going on we need to talk about https:// and SSL.
The extra 's' on the URL of some websites means your connection to that website is secure and encrypted. Any information you share with that website is safe. That 's' represents technology that is called SSL or Secure Sockets Layer.
A few years ago, an SSL Certificate for a website was optional and would cost a business about $100 a year. Usually only websites that were asking for personal data, such as online stores, or bill payment centres, would need to have an SSL Certificate. Without an SSL Certificate, anything you type into a website could possibly be intercepted by a hacker, usually a tiny robot hiding on the server and waiting to start collecting your information. A website that has an SSL Certificate is bound to the server in a way that there can be no middle-man hacker or interception.
Here at Goodwin Creative, we offered SSL Certificates to our clients but it wasn't routine. We didn't recommend them if your website was not gathering information from its visitors. Even those sites with simple forms were, by standards for the day, safe enough.
However, a few years ago that all started to change. In August 2014 Google published a blog article titled HTTPS as a Ranking Signal. In essence, Google announced that having an SSL would improve your ranking on their search engine. Their goal was to create a safer internet. At first, this didn't impact many sites, but people started to become more aware of the security option. However, eventually Google got tougher.
Remember earlier in the article, we talked about how you can simply type a url such as goodwincreative.ca into your browser bar and it will go directly to the website? This is because the browser itself automatically adds the http://. Except that now, your browser will add https://. And as well, Google has reassigned all their search results and placed https:// in front of them.
The result is that, whether or not you actually have an SSL Certificate, people will be taken to your site at https://www.yoursite.com - and if you do not have an SSL Certificate some bad things happen.
First, if your site is old, and not built with https://, a lot of the inner links will not work properly - links to images and graphic elements for example. Your site will most likely present as a strange page of randomly placed images and a list of ugly blue links instead of your beautiful menu.
And second, often a visitor will be presented with the Warning Warning Warning! page. Chrome, for example, was popping up these pages in early 2018. Chrome is, of course, Google's browser:
The reason you are seeing the “Not Secure” warning is because the web page or website you are visiting is not providing a secure connection. When your Chrome browser connects to a website it can either use the HTTP (insecure) or HTTPS (secure). Any page providing an HTTP connection will cause the “Not Secure” warning.
But other browsers also started to have trouble. Firefox, for example, sees the https:// (which Google puts in front of your url regardless) and then tests your SSL Certificate and if it's not really there, puts up a Warning: Potential Security Risk Ahead error. We've all seen these, and other warning screens.
Long story short, all web owners are being forced to purchase, and implement, an SSL.
If you have an old site with Goodwin Creative, you can contact us and we will see what is involved in setting up and implementing an SSL for you. It may require that we re-code your site elements to be sure it presents the way it should on the internet. Or it may simply require that we add the SSL. If you're hosted with our host Ezy Hosts Network this will be included in your annual hosting fee. If you're hosted with another host, we can help you sort out how to have that little 's' added to your url.
And finally, if you're one of our Squarespace customers, SSL is included in your hosting. All Squarespace websites are https:// secure!
A safer internet is better for everyone. Let us help you get to where you want to be.