WordPress wishes to impose HTTPS

After Google and Mozilla, Matt Mullenweg the founder of WordPress is taking steps to ensure that the services you use are secure. Automaticc, the company behind the WordPress blogging and content management platform announced it will be investing heavily in SSL security technology. Considering HTTPS as a necessary evolution in the fight against cybercriminals. Is HTTP required for eCommerce sites in 2017? How to deal with it if you have no means to invest in SSL/TLS certificates?

It’s time to get into the starting block for HTTPS

It's time to get into the starting block for #HTTPS Click To Tweet

In a previous article, we underlined how Google has launched the HTTPS race by announcing they will consider it as a metric when deciding the PageRank of a given website. However, Google has also decided to go a step further last week: they will mark HTTP websites as unsafe on 2017, and warn users about websites that are not using HTTPS.

On January 2017, the Google Chrome web browser will ensure that when a user visits a non-secure website, a red X mark will be displayed in the address bar: as of now, Google Chrome uses this mark when the SSL certificate on a website is incorrectly configured, thereby warning user that there is a problem with the SSL certificate of the active website.

A few months ago, Mozilla announced they will point out websites using HTTPS or mixed content – meaning for websites integrating https and https elements – to protect users from attacks by blocking potentially harmful, insecure content on web pages that are supposed to be secure.

Now it is to WordPress to take over the lead and to impose HTTPS. With more than 35% eCommerce sites based on WordPress through WooCommerce plugin, the information is not to be taken lightly.

Indeed, Matt Mullenweg the founder of WordPress is taking steps to ensure that the services you use are secure. Automaticc, the company behind the WordPress blogging and content management platform announced it will be investing heavily in SSL security technology. This means that initially, it will only promote hosting providers that provide an SSL certificate by default in their accounts. In the future, it plans on extending such scrutiny to features, making them available only when they have been certified.

Is HTTPS required for eCommerce sites in 2017?

Is #HTTPS required for #eCommerce sites in 2017? Click To Tweet

We already know, there is a clear connection between consumers’ perceptions of security practices and commercial success. The HTTPS protocol is one of the keys to your eCommerce success, by encrypting data and by informing on your quality service. That is especially true for SMBs that do have not, therefore, a sufficient reputation to be recognized.

Without HTTPS protocol, it is really easy to intercept communications to obtain confidential data: logins and passwords, credit card information, texts, images…. EVERYTHING! If one of your customers is consulting a page of your website, the hacker can intercept and use its credentials and sensitive information.

Migrating to HTTPS allows you to increase your security level and your web performance:

  • Passwords and data protection
  • Data privacy
  • Improved web performance (by activating the Speedy protocol)

The HTTPS protocol is also an advantage for your search engine optimization (SEO) on Google. Actually, the firm of Mountain View has officially announced in February 2015that the use of a secure HTTPS protocol will be taken into account in its algorithm for the search engine optimization.

Regardless of whether you are choosing HTTPS for a security or a search engine optimization reason, migrate your eCommerce site to HTTPS through an SSL/TLS certificate is mandatory for 2017.

Free SSL/TLS certificates to migrate to HTTPS

Free #SSL/#TLS certificates to migrate to #HTTPS Click To Tweet

To implement HTTPS security, you have to set up your site with a digital SSL/TLS certificate. Before OZON, deploy an SSL/TLS certificate on a website was an expensive and complex operation.

As HTTPS security must not be an unaffordable luxury, we have decided to automatically deliver a free SSL/TLS certificate for every site you are securing with OZON. In a matter of minutes, with no technical or administrative constraints, your website will benefit from a state of the art HTTPS security that we always maintain a high level of security over time.

Migrate your website to HTTPS is an important step to protect your connection between the server and the browser. However, the FREAK, Poodle, ShellShock, BEAST and Heartbleed vulnerabilities on the encrypted SSL/TLS connections exposed the need for an additional security layer.

OZON understands this requirement and delivers a 360° cyber security solution dedicated to online shops and SMBs who need to protect themselves against sophisticated cyber-attacks and frauds. Don’t be afraid anymore of data customer thefts (SQL injections, XSS), compromised sites (malware), or sites unavailability (DDoS). All these functions are performed in real-time and do not require technical skills or significant financial resources. So, what are you waiting for? Try OZON Cybersecurity for free!

Régis Rocroy

Engaged in IT security at the beginning of the Internet revolution, I’m acting as security consultant and security architect for accounts in banking and eCommerce.