Website Security – A Breakdown of How We Approach WordPress Security
Join us through a deep dive of how we approach the security of the WordPress websites we host.
Why Your Website Needs to be Secured with HTTPS (in Layman’s Terms)
Don’t miss the boat getting your website secured with HTTPS! Here’s why…
Around 6 years ago very few sites were mobile-friendly. We’ve had a revolution and now every website needs to be usable and pleasant experience on mobile.
In similar fashion, we’re at a turning point for all websites being “secured” (HTTPS) using SSL Certificates.
What is SSL / HTTPS?
It is basically a protocol that means any traffic to-and-from your website is encrypted and if it is intercepted it cannot be understood.
Your site either gets accessed using HTTP or HTTPS. The secure version, HTTPS will usually show a trust-gaining green lock in the browser. The “S” in HTTPS stands for “Secure” – it should all makes sense now…
If you visit an unsecured website and fill out a contact form while on McDonald’s WiFi, anyone else on that network can see all your traffic and what you submitted – if the site is not HTTPS. You can see how this is a problem!
The 6 Reasons You Need to Join the SSL Pivot Point
1. Gain Better Search Rankings
In an effort to encourage best practice and protect their users, Google sees sites being secure as a minor ranking signal. Ranking for keywords is hard, this could give you a small boost.
2. Avoid Embarrassing “Insecure Site” Warnings
The Chrome browser team recently announced that starting in January there will be insecure warnings on site login pages that aren’t SSLed. This could be a blot on your brand and isn’t a good reflection to the user. In the future it seems likely that securing an entire site will be best practice.
3. Security Contributes to Brand Trust
Having that green lock in the browser and seeing that your site is secured may help users trust you more highly if this is their first impression.
4. You Care About Your Website’s Visitors
Even if you aren’t collecting credit card details, SSNs, or private details…you want to guard your users. Sometimes little details could help a hacker build a profile on them and do something nefarious. We’ve even had clients whose customers couldn’t access an insecure site – usually for industries like military or government. If your site isn’t secure, your users’ traffic is wide open to any governments, shady monitoring outfits, and hackers.
5. Keep Your Own WordPress Admin Secure
While the WordPress Dashboard / admin area does have some security features, you are still transmitting your logins insecurely when you login and are making changes to your site.
6. Could Help Your Website Load More Quickly
I don’t need to even say why that is an awesome thing. The technologies that work with HTTPS and your browser now mean that an SSL certificate won’t slow your site down but could actually make it faster for users!
Your Next Steps to Get Secured
Migrating from HTTP to HTTPS is becoming inevitable. There is so much value in switching that it is already a no-brainer.
If your WordPress site is not secured and able to use HTTPS, reach out to us and we can create a plan to migrate. Typically the certificates cost $50-250/year. However, you can now get an SSL Certificate for free using Let’s Encrypt. We use SSL for all new WordPress hosting accounts, it is becoming a must-have feature.