The importance of unbroken HTTPS on your sites

May 12th, 2021 | Security-related

We’ve all heard about Google & Bing clamping down on “HTTPS Everywhere”, so what does it mean?

It’s always been important to have an SSL Certificate for your website if you’re running eCommerce of any kind. For years, that was the concensus – and if you look back 5-20 years ago it wasn’t exactly a cheap exercise to secure a website (nor easy all the time!). These days though, it’s changed from being a case-by-case requirement to being more a case of “if you have a website on your domain, then it needs to be on HTTPS”.

So I need to have SSL coverage, how much is that going to cost me? Does it need renewing?

While they used to cost a tidy sum of money, these days you can get base-level coverage (DV: Domain Validated = no organisation validation performed = quick delivery times) for free via Let’s Encrypt, just like we include for free with our Hosting plans. Or you can opt for a DV SSL Certificate from a Certificate Authority who don’t offer free coverage, such as Sectigo (formerly Comodo) who’ve remained a trusted name in the space for many years. You’re looking around $50 to secure roughly equivalent coverage as from free Let’s Encrypt certificates.

I’ve done that, HTTPS works but it’s showing a broken padlock – problem?

Problem – and quite a serious one (to your Google/Bing rankings, not so much to fix – don’t worry!). This can happen when you update a website (such as one with a CMS like WordPress) to use a new URL/domain while there’s a history of posts/pages/products/etc from a time when your website ran on HTTP (insecure). Thankfully, it’s an easy fix however there are two ways of handling it – avoid the problem, or fix the root cause. We always recommend that you take the time and precautions to update your site’s data properly, to fix the cause of the broken padlock.

You can see the offending resources (images, JavaScript/CSS files, downloadable files, etc) that have references to the “HTTP version” of them somewhere in your database by using websites like Why No Padlock – we encourage you to send the results to our Support team for an assessment as to how best to resolve the problems throughout every page of your website. (This offer applies to non-customers too – we’re here to help and respect your decision to remain elsewhere)

How do I ensure that the problems are resolved for good within my website?

(Change flow/link TBC – in KB for the time being)

 

LEOPARD.host Operations

LEOPARD.host Operations

100% Australian owned & operated

Started due to a rapidly dwindling market, LEOPARD.host began as part of a Managed IT firm’s service offering. From there, our clients have helped us scale to where we are now, and we’re just beginning!

We’re here to exceed expectations, redefine norms and keep our industry accountable. Looking for premium service? You’ve found it!

 

Keep reading our ramblings here