Security, WordPress and SSL.
Online security, hacking and theft of data has become the No.1 concern for Internet users. So why is this being ignored?
Less than 1/3rd of the Internet is secure and Google (plus others) are going to do something about this. Imminently.
The high-profile hacking of insecure WordPress sites, the PlayStation network, Sony Pictures and many others over the last year has raised the awareness of security in consumers minds. There are some basic steps web-site owners can take to protect their customer’s data and their own digital services – so it comes as quite a surprise that very few actually do.
If you operate a WordPress site then you really need to stay up to date with release versions, as the world’s most popular digital platform it’s more susceptible to generic attacks then any other web platform (success has it’s price, I suppose).
The natural next step is rolling out SSL across all communication platforms. We’ve been banging on about running SSL (or https, if you prefer – you may recognise it as the padlock next to the web address) for longer than I care to think and have been rolling out SSL-as-default across all our digital platform since 2010.
Google think this is so important they’re even rewarding secure sites with improved search rankings. We completed the secure roll-out of all digital services at the end of Summer last year and we’ve seen increased web-site traffic as a result whilst we sleep soundly at night not worrying about either client or our own data.
Consumers have not really caught on yet, but they will. Many browsers now warn site visitors if sites contain “iffy” content or functions and it’s only a step away to expand the warnings to non-SSL web sites and digital services.
In fact, Google is proposing to warn ALL users every time they visit a non-SSL site. This will create a little bubble during 2015 as thousands of companies race to catch-up and, in many cases, try to implement improved security with few skills and limited experience.
Do I need to go SSL/HTTPS now?
In short no, but you should have a plan that can be executed at the drop of a hat. If you operate a WordPress site then it’s pretty straightforward to roll out SSL and there are lots of guides out there to help you (or you can contact us).
There is an emerging drive to include SSL within domain name pricing, and there are also rumours that Google will start providing free SSL certificate on a limited basis in the first half of this year.
In fact, we shouldn’t really call it SSL anymore as the old standards of SSL 1.0 through 3.0 have been, or are in the process of being deprecated and being replaced with the all together more secure TLS. But it’s likely the SSL moniker will hang around for a while.
Why do so many agencies not use SSL/TLS?
Honestly, I have no idea! It’s simple to implement and manage but it’s still striking the number of agencies in the digital services space that don’t take even the most basic care of client data. In fact, just 2 of the top 50 WordPress Agencies in London (according to Google) use secure encryption for their own sites.
Maybe it’s the “cobblers kids shoes” effect? If enough clients vote with their cheque books then I guess they will have to move onto secure platforms quickly. We did, we value the importance of security and therefore encryption.