HTTPS? Yes, please.
•Download as PPTX, PDF•
0 likes•571 views
This talk will focus on the factors that are driving HTTPS adoption across the web and why it’s a good idea to secure every project. We will go over how SSL became an SEO rank factor, how it opens doors to performance optimizations through the new HTTP/2 protocol, and how it is now much more accessible with the free SSLs provided by the Let’s Encrypt initiative.
Recommended
Recommended
More Related Content
Viewers also liked
Viewers also liked (6)
More from SiteGround.com
More from SiteGround.com (20)
Recently uploaded
Recently uploaded (20)
HTTPS? Yes, please.
- 1. HTTPS? YES, PLEASE. J and Beyond 2016 Kiril Hristov @kirilhristov
- 3. STATE OF ENCRYPTION online store, banks and others that transmit sensitive data art blog, tech site, brochure website and others that seem harmless
- 4. LET’S FREAK OUT Reason 1: Privacy
- 7. WIFI PROBLEMS • We use unsecured networks • Passwords are crackable
- 8. SSL • You are talking to who they claim to be. • No one can see the conversation. • No one has tampered with the data.
- 10. HOW SSL WORKS
- 11. Client Server private public RNc Client hello, SSL session request, RNcRNc RNc RNs Server hello, sends over SSL cert, Public Key, RNs RNs public RNs public PMSc PMSc, encrypted with the Public KeyPMSc PMSc MSMS Each side calculates the MS, starts using it for secure communication MS MS
- 13. HTTP2 • Need SSL to run http2 • Faster site performance (multiplexing, header compression, server push) • Easy implementation when web host supports it
- 14. DEMO TIME
- 16. IT’S GOOD FOR SEO Reason 3: Rank Higher
- 17. LET’S ENCRYPT Reason 4: It’s Free
- 18. • Free Security • Easy Installation bit.ly/encrypt4free • No Dedicated IP Required • Trusted by all Major Browsers • Auto Renewable
- 19. IMPLEMENTATION
- 20. 1. Get a certificate 2. Configure your server bit.ly/hardwayssl 3. Configure your site (Joomla!) 4. Test the configuration ssllabs.com
- 21. GLOBAL CONFIGURATION -> SERVER -> FORCE SSL : ENTIRE SITE
- 22. MODULE MANAGER -> LOGIN FORM -> ENCRYPT LOGIN FORM:YES
- 23. TEST THE CONFIGURATION SSLLABS.COM
- 25. QUESTIONS? YES, PLEASE. Kiril Hristov @kirilhristov
Editor's Notes
- https = http over SSL/TLS, encrypted web connection yes, please = something you say after awesome things will talk about encryption and the latest benefits for projects Kiril Hristov, PM at SiteGround
- What I do at SiteGround Personal story Encryption in all 3 circles UX - privacy, speed Tech - how it works, basic implementation in a Joomla! site Business - higher search ranking
- How the industry views encryption SSL absolutely necessary on left side of spectrum Skepticism at the right side of spectrum Purpose of the talk - Secure by Default bcs of added benefits
- Several reasons to use SSL Privacy is first, it’s Scary, so it’s a great Motivator
- Freely downloadable software that can sniff networks (Debooke for Mac) Connected to the same network Scan and get a list of all the devices connected
- Target any device on the network and monitor it’s http traffic Unencrypted - see all websites a person visits (scary), pick up session cookies, login into sites as them (even scarier) Joomla! admin example Encrypted - only see the domain
- Skepticism - Connected to the same wifi requirement - they have passwords they’re secure We use networks that don’t have passwords (out of town esp) Passwords are crackable
- SSL fixes these issues (we saw in the demo). Everything between client and server is encrypted. User data and privacy Your own admin data
- See these in buildings, why? As Site owners we have responsibility to protect user privacy Even if it’s just what they are reading, that info may be revealing If we have users logging in and interacting, responsibility is even bigger
- Show how/why SSL is secure (Technology) Useful to convince self/others is to know how something works
- Privacy - UX circle on the user side, Business circle Technology - how ssl works Done with traditional application of SSL, not much new Now we get into the added benefits
- Need SSL - browsers only run http2 w/ SSL Concerns that SSL slowed down sites The web has evolved, handshake and encryption are not resource intensive HTTP2 actually makes sites faster, mainly multiplexing Super easy to start using it when web host supports (just need SSL)
- What better way than to see it How do I know I am running http2? Network tab shows protocol Browser extension - HTTP/2 and SPDY indicator
- About a year ago Google announced it How much of a ranking factor? Not a major one There are 200 other factors Rule of thumb - What’s good for users will be good for rankings One more thing to add to your SEO best practices And why not when it’s now free?
- - Relatively new, open certificate authority, provides free SSL certificates
- 2,000,000 certificates adopted by many hosts with easy installation ~75 Dedicated IP - as a whole is no longer needed with SSL, many integrate Let’s encrypt in this way, so no added cost here 90 day auto renewable certs
- Get free or buy SSL Config should be taken care of by host (most cases)
- Forces SSL across the site. Can be done with .htaccess and configuration.php files
- Extra setting of the login form to use SSL for credentials Set to NO by default even after forcing SSL on site Have not tested if it continues sending in plain text, maybe address this during Make it Happen
- - Very detailed SSL checker
- Mixed content when migrating http -> https Due to http requests to resources(.css), http links to other pages on the site, http content on pages (e.g. images)
- Recap before the Q & A The image - privacy, traditional SSL application Added benefits Speed Search engine rankings Now free and easy to get SSL through LE