Should your website be encrypted?

by / Thursday, 27 August 2015 / Published in Blog
Should I encrypt my website?

When Google announced in August 2014 that it is now favouring sites that are entirely encrypted in search results, websites started switching, using the secure HTTPS protocol as default. Many sites already use encryption for key pages such as login or online purchases, but the new trend is to encrypt everything. Is this something your website should be doing?

On 1st August 2014, HTTP Archive, a website which tracks trends in the World Wide Web, showed that 9% of web pages were encrypted. This figure jumped after Google’s announcement, and currently stands at 20%. One big reason behind this shift is websites trying to benefit from Google’s preference for encrypted websites in their search results. However, having a more secure site has other benefits too. Encryption is a signal of trust for visitors, and can boost confidence in and use of a site.

In the past, encrypting a page was costly and put greater demands on a website server. This alone was a good reason not to make all pages secure. However, as technology has evolved, this has become less of an issue. Services such as CloudFlare have made the technology easier and cheaper to implement, making it relatively straightforward for even smaller websites – such as union branch sites – to use HTTPS.

Along with the potential boost in Google search results, the other main reason to make the move to encryption is to protect your users’ data. Accessing websites with a secure connection makes it harder for data to be intercepted by a WiFi eavesdropper or an overzealous IT or HR department. These advantages can be significant for union members. Encryption in general means that it is much more difficult for hackers to see what you’re entering or viewing on websites.

The downside of this approach is that encrypted pages make the webserver work a bit harder, talking up more resources. Encryption also takes time to implement, as your site will need to ensure that every resource that it loads is secure. While the move is meant to boost the traffic from search engines, there is some evidence that sites suffer a decrease in traffic in the short term, as the permanent redirects forwarding to the secure version of the page decrease the Search Engine Optimisation benefit of the existing links to the website.

Sites that make money from advertising may also want to avoid being encrypted, as this can reduce your revenues as many adverts on services like Google Adsense are not yet HTTPS compliant.

More and more of the websites I’ve been helping out or launching have moved to full encryption though.  We can expect to see this trend continue.

Leave a Reply

TOP