Working with HTTPS, a question of security

Our management tools can already function with the secure server protocol

Google wants to boost secure browsing, using an SSL certificate and the HTTPS protocol. To this end, since July 2018 Chrome has warned users in a much more visible manner when the website which they wish to access is marked as not secure, that is, the connection between their computer and the web server is not encrypted.

Hypertext Transport Protocol Secure - better known as HTTPS - creates a more appropriate encrypted channel for the traffic of sensitive information than the HTTP protocol. A website housed using HTTPS has, therefore, certain advantages regarding security:

· User privacy

· Security of the site and immunity from malicious code

· Improved Page Rank

· Content authorship and integrity assured

· New functionalities only available in HTTPS (push notifications, geolocation...)

· Preservation of the source of advertising revenue by not permitting the injection of external advertising sources

The use of HTTPS is highly recommended for websites that can be accessed externally by agencies, call centres, distributors etc. Its higher level of security also helps compliance with the new GDPR.

To protect our clients’ security, Ad-on-Line, Ciclon and Shipo have been added to the Protecmedia tools which already operated under the secure server certificate: our management products, which focus on the internal operations of news companies, can also be used with the HTTPS protocol.

How to make a website secure

The switch from HTTP to HTTPS involves a series of complex tasks, which require a certain level of technical support.

Step one: obtaining the secure server certificate. A certificate may be requested from an official certifying authority or be generated from the web itself. This second option requires a special configuration to enable Google to recognise the certificate as authentic.

Migration starts: analysis of the mixed content and decision taking. If the website has a mixed content it will continue to appear as not secure or part of the content will not be loaded under HTTPS. This analysis of articles, templates, portlets, javascript and CSS is vital and must be carried out in depth to avoid problems later on. Following the analysis, important decisions will have to be taken, such as what to do with the suppliers of non-secure content.

Next point: activation of the protocol. Once the mixed-content problems have been resolved, the HTTPS and error monitoring is activated for a given period of time.

Finally: SEO actions. The carrying out of certain tasks in Google Search Console and Analytics is necessary for SEO purposes.

At Protecmedia we offer advice and assistance throughout this process, ranging from the obtaining and management of the SSL certificate to SEO tasks.

If you want more information about operating under a secure certification and the migration of websites to the HTTPS protocol, contact us.