Is your website encrypted?
Back in 2014, Google announced it would begin using HTTPS encryption as search ranking signal. If you are still serving your site over basic HTTP in 2017, you may be missing a key part in your SEO strategy.
The good news? It’s never been easier to jump aboard the HTTPS train and secure your traffic.
HTTPS (also known as HTTP over TLS, or Transport Layer Security) uses SSL/TLS certificates to identify your website and encrypt data in transit to your website’s visitors.
Google will be pushing further with the release of Chrome 56 later this month, announcing it will mark all non-HTTPS pages containing password and credit card input fields as “Not Secure”. Eventually, Chrome plans to show a Not Secure warning for all pages served over HTTP, regardless of whether or not the page contains sensitive input fields. Here’s what visitors will see in the new version:
There are several ways obtain an SSL certificate for your site — many of them are completely free, and only take a few minutes to set up. Since Siteleaf supports publishing to any web host, you can choose the option that best fits your needs.
We’ll review our favorites in this blog post, starting with CloudFront (which we use ourselves for this blog).
1. CloudFront
Amazon Web Services offers free SSL certificates using their Certificate Manager tool which you can pair with CloudFront to handle the delivery and encryption.
AWS is an obvious choice if you are already using S3 for hosting, but it can also work nicely with GitHub Pages or any other external host. Along with HTTPS, you’ll be getting a global content delivery network (CDN) to accelerate your traffic.
While the certificates are free, CloudFront does add a small cost, but its very affordable at a few pennies per GB of bandwidth. Pro users will appreciate the powerful settings to control (or disable) cache, and the ability to automatically invalidate cached files from S3 using Lambda functions.
Here are some tutorials to get set up with HTTPS and AWS:
2. Cloudflare
Cloudflare is another strong option giving you free SSL, a global CDN, as well as advanced security features like DDoS protection. It’s completely free for personal sites, and works with GitHub Pages, Amazon S3, and any other external host.
If you are looking for a simple, straight forward setup, Cloudflare may be the choice for you.
Here are some tutorials to get set up with HTTPS and Cloudflare:
3. Let’s Encrypt
If you publish to your own FTP or SFTP server, you can install a free SSL certificate from Let’s Encrypt, an automated and open certificate authority. Like CloudFront and Cloudflare, these certificates can be set up to automatically renew, so you’ll never have to worry about expiration dates.
Here are some tutorials to get set up with HTTPS and Let’s Encrypt on a few popular web hosts:
Instructions may vary by host, so check your provider’s help docs for specific details on how to install an SSL certificate.
Here’s to a happy and secure 2017!