What is HTTPS?
HTTPS (Hypertext Transfer Protocol Secure) is a protocol for
secure communication over a network, e.g. the internet. Simply put, it authenticates
the website you are visiting, and ensures that data exchanged on the website is
private and secure.
Up until recently, it was enough that booking engines and
e-commerce solutions were secure to protect credit card details and other
sensitive information. So, what’s changed? Why should you invest in making the
rest of your site secure?
1. People expect this on sites
HTTPS has moved from something usually only seen on online
banking and payment pages to something you see everywhere. Google reports that
50% of page loads are now on HTTPS connections.
There are several good reasons for making your site secure.
With a standard HTTP connection, it is possible for unauthorized parties to
eavesdrop on your users browsing activity. With the abundant growth of Wi-Fi
hotspots, which are often insecure, that has become something that anyone can
do, not just highly technical “hackers”.
It is also possible for someone to do a “man in the middle”
attack between your website and your site user. This could be something as
simple as embedding some malicious JavaScript code into the content returned
from your site, which could do anything from displaying unwanted ads, to attempting
to exploit browser vulnerabilities to hack users’ computers.
The same type of attack could also do things like modify
links on your website (e.g. to your booking engine) and redirect users to a
fake booking engine, which could steal user card details, and quite conceivably
take money off them in real time, disguised as a large booking deposit.
2. HTTPS makes browsing more secure
HTTPS adds a layer of security to browsing. It encrypts all
the data between your site and the end-user’s browser, which prevents
eavesdropping. It protects the integrity of the data, and provides
authentication to ensure that people are communicating only with the intended
website, and to prevent malicious corruption of the data like “man in the
middle” attacks.
In short, HTTP is not secure, and users are now expecting a
secure and private experience when they are online. Browsers like Google Chrome
and Mozilla Firefox have started making it obvious to users that they are on an
insecure page if that page is looking for credit card information or passwords.
However, Google have said that in the future, any pages which are not HTTPS will be
highlighted in chrome with a visible warning.
3. Google has stated publicly that HTTPS is now a factor
which helps with your sites Google ranking
As with most things involved with Google ranking algorithms,
it’s difficult to put an exact figure on the ranking increase as there are a
lot of additional factors involved, such as good SEO practice. However, there’s
no doubt that there is a boost, and it’s obvious that this is going to be a
much more important ranking factor as time goes on.
Google have even said that they are going to start actively penalising non-HTTPS pages in the future, so this is something you really want
to avoid.
There are already secure pages on your website, but a
full upgrade will further protect your website
If you already have a booking engine with Aró, rest assured
that those pages are already secure.
Upgrading your whole website to HTTPS however goes that step
further to make the full journey from website to booking a room as safe as
possible.
It also gives visitors assurance that you are security
conscious, and that could well be a factor in them choosing to book a stay with
you today.
If you are interested in updating your website to HTTPS,
please contact your Aró account manager. Not currently a client? We would be
happy to advise, so please don’t hesitate to contact us.