With the massive use of the internet, it is necessary to provide the people who browse your website with the assurance that they do so safely. Websites that require the registration of users or that are an online store are required to have an ssl certificate and are https pages. However, all websites should be secure, even if they are nothing more than a personal blog.
Many online scams such as phishing emails that lead to a fake page of a bank are usually not secure pages and is the way to detect that they are not legit pages. However, on many occasions the cybercriminal buys a hosting and a domain, and the page is secure, since he has paid for it or has used a free certificate.
Add https to your website
An SSL certificate is a digital certificate that authenticates the identity of a website and allows an encrypted connection to exist. SSL stands for Secure Sockets Layer, a security protocol that creates an encrypted link between a web server and a web browser. If a web page has that certificate it will appear in a padlock to the left of the URL and will have green bits and secure marks.
In many cases your hosting provider allows you to hire a secure certificate. However, there are several ways to get that certificate easily and for free. You can for example use Cloudflare very quickly and easily, which will simply put HTTPS on a website in a short time. You can sign up and create an account from here.
Once we register, we will click on Add site. As soon as you do, you will see some DNS server names. DNS or domain name server, as the name suggests, is an address of an Internet service, which basically functions as a telephone book. When someone types in a search engine a search criterion, the search engine shows you a list of ordered pages. On that page is your page. If someone clicks on the link, it sends you to the DNS server and the server channels the user to go to the web server where the page is hosted and shows it to the visitor.
Activating https on your website
If we use Cloudflare we must change the DNS servers of our hosting provider to be those of Cloudflare. There are several paid services, but there is also a free version that serves perfectly. To activate the secure certificate on your website you must point your name servers (DNS) to Cloudflare. You must add the primary name server and a secondary name server.
Updating domain names can take up to 24 hours, during which time your website will not stop working. This is because the new DNS servers must spread through the network for them to be recognized and for visitors to arrive at our page with that new configuration.
Web traffic will go from old name servers to new name servers, without interruption. We must also remember that we must activate the option “Always use HTTPS” to force the visitor to always enter through a secure protocol.
Valuing website security
The Ssllabs website offers a free tool for you to check your SSL certificate. This free online service performs an in-depth analysis of the configuration of any SSL web server. The information you submit is used solely to provide you with the service. For example, for this website the score is B, which is quite good, but it can be improved.
Insecure websites among the most visited in the world
You can see a list of insecure web pages on whynohttps.com/,which is managed by security expert Troy Hunt. Each of these web pages are loaded over an unsecured connection without redirecting to a secure and encrypted connection. The 100 websites displayed on the page represent 6% of the 1803 largest websites in the world.
Summary
It provides a visitor with the confidence of being in an encrypted and secure environment is critical in the age of the internet. All websites that intend to offer a service, either by buying or selling a product, or by publishing news of any kind, must have an SSL certificate installed on their website and browsing through secure http.
References
- whynohttps.com/
- httpsiseasy.com/
- www.troyhunt.com/heres-why-your-static-website-needs-https/
- scotthelme.co.uk/https-anti-vaxxers/
- www.troyhunt.com/how-i-got-pwned-by-my-cloud-costs/
- https://letsencrypt.org/stats/#percent-pageloads
- https://docs.telemetry.mozilla.org/datasets/other/ssl/reference.html
- https://www.ssllabs.com/ssltest/index.html
- https://youtu.be/mVzdEl5G0iM
- https://scotthelme.co.uk/tag/crawl/
- https://www.troyhunt.com/why-no-https-heres-the-worlds-largest-websites-not-redirecting-insecure-requests/
- Victor Le Pochat, Tom Van Goethem, Samaneh Tajalizadehkhoob, Maciej Korczyński, and Wouter Joosen. 2019. “Tranco: A Research-Oriented Top Sites Ranking Hardened Against Manipulation,” Proceedings of the 26th Annual Network and Distributed System Security Symposium (NDSS 2019). https://doi.org/10.14722/ndss.2019.23386
