This Week in Getting Hacked: More Like EverNOT, Right? Edition
December 16, 2016
What Does Being an IT Pro Really Mean?
January 10, 2017It was a little more than a month ago that almost a million shoppers were faced with the risk of their bank details and credit card details going public, thanks to faulty WordPress plugins. This not only affected online shops, but quite a number of healthcare websites also fell victim to the November cyber attacks as well. Millions of client and customer databases became instantly available to the hackers.We do not yet know if this is to make up for their lack of vigilance, but what we hear is by 2017 Google will weigh SSL as a ranking factor for websites.
The dawn of 2017 will see multitudes of new features in WordPress that will require the host to have HTTPS. This will be quite similar to the transition we made when JavaScript became necessary for having a smoother functioning of websites. Having an SSL only makes sense to help the users transcend to the new era of safe online communication.
What’s the Word from the Experts?
The creator of WordPress, Matt Mullenweg announced that all upcoming versions of WordPress will include brand new features. These features can only be supported by hosts that support HTTPS. No further details of the features were provided by Mullenweg but it was clear that he wanted the WordPress team to start pushing their users to make HTTPS mandatory for their websites.
Very recently Parisa Tabriz Tweeted about Google’s intentions on calling out the “unsafe” sites without any covert hints. Tabriz currently manages Google’s security engineering team.
HTTP, we’re readying to call you out for what you are: UNSAFE! https://t.co/KuA6ARoH6n #enigma2016 https://t.co/Vs69HDZc2J
— Security Princess (@laparisa) January 26, 2016
This is a part of the “encrypt all the things” and “HTTPS everywhere” drive that was started with an aim to condone the less secure HTTP protocol.
Wasn’t HTTPS Already a Part of WordPress.com?
Yes, WordPress.com already provides free HTTPS to its followers but it was not a necessity for good SEO. By the beginning of 2017, The WordPress Foundation will start promoting hosting platforms with SSL certificates. They plan on accomplishing this through their WordPress.org project.
What Is the New HTTPS “Trend”?
HTTPS is nothing but the conventional HTTP protocol with an extra, but a very necessary layer of SSL encryption. This SSL encryption is what keeps your passwords, transactions and card details between your computer and the servers secure. It’s main purposes are to secure your connection directly to the server, and making sure that only your server can read what you are sending and vice versa.
Earlier, HTTPS were a lot costlier and a lot slower. With the advent of PHP7 in 2015 new pathways were opened for the development of new generation HTTPS. Running HTTPS is now a lot cheaper and costs lesser in terms of server resources. Currently, Google has a new found penchant for websites with HTTPS. All HTTPS websites are ranked above similar websites with comparable content but lack HTTPS (only HTTP).
WordPress holds around 69 percent of the CMS market share in the current times. It is now known to almost everyone after the a Black Friday debacle that not all WordPress sites are running on the latest versions, but moving them to a HTTPS host will work miraculously for user-end privacy and data security.
How to Identify the Defaulters?
If you are seeing that red “x” over a padlock on the URL bar more frequently these days, it’s possibly because Google wants us to stay safe. Google wants everything on the internet to travel through secure channels that cannot be intercepted by eavesdroppers. Having a secure connection with HTTPS entails security of data and the assurance that only you and the server are the only two members of an ongoing “conversation”. Currently,Google only displays a red cross if there’s something wrong with the encryption of a host server, but very soon Google will go all out to penalize websites that do not have an HTTPS host.
If you are already hunting down your web history to look for any unsafe website you have visited, worry not! Most of the searches, mail accounts and drives are automatically secure on Google. The same, however, cannot be said for people who have a proclivity for VPN services.
In the meantime, what should you do?
Weadvise you to stick to conventional and mainstream browsers for the time begin while you conduct user transactions. And at the same time, think about migrating your WordPress website(s) to a new HTTPS host. If you are running a business heavily reliant on networking or client servicing, you will understand the pathos of the recent developments. But any such website including retail, real estate, healthcare, medical and dental sites will be benefited in the long run.
HTTPS: A Luxury or a Necessity?
Google security engineering and management teams have been running reiterating tests over the last few months to figure out which websites are secure and which need an SSL technology. They have seen websites using encrypted connections as a signal in their search ranking algorithms. Since the results were majorly positive, Google is about to take the initiative of using HTTPS as ranking factors. At this moment only about 1 percent of the global queries are being affected. Google is giving reasonable time for the remaining websites to switch to an HTTPS host or the hosts to adopt the new HTTPS protocol.
The web had never been a completely secure place. Almost all the rumors about government agents and hackers listening in on your private conversations are a part of our real world problems. So if your website deals with sensitive information, your customers have full right to know the status of their security and privacy. With Google vetoing for HTTPS, it is high time you made a move too!
