Posted by Roger

‘Hacking’, as we all know, is a major problem on the internet and one that is of increasing concern for website security.

Why Hack?

Hacking of small and medium sized businesses is not usually carried out with the intention of damaging the site or taking it offline, but is done simply to gain access to the server. The server can then be used as a transmission point for so-called Distributed Denial of Service (DDoS) attacks on other sites. If hackers have gained access for this purpose, your site may not be affected but may be slower to load. The other purpose of hacking is to gain access to data you may have stored on your server including, potentially, your email. If you have any commercially sensitive data on your server, this could be at risk from hackers.

Encrypting the Data

An effective way to guard against unauthorised access and keep yourself secure is to encrypt the data that moves between your server and the devices used by anyone accessing your site. You should, of course, already be doing this is you are taking payments online. If you are not encrypting the data, then the logon id and password that you use to access to your site will be passed as entered over the network connection you are using. It is relatively straightforward for hackers to ‘spy’ on the connection and acquire the data that is passed.

Encryption of the data is achieved fairly easily by installing a security certificate on the server and making minor amendments to some of the internals of your site to ensure the certificate is being used properly. If this is done properly, you’ll see a green padlock icon in the address bar of the browser and the web address will be preceded by HTTPS. You will see the green padlock on this website.

Browser Behaviour

Chrome Website security warning Google is pushing hard to encourage all website owners to make their sites secure and is giving sites that have taken this step an additional (but small) boost in the search engine rankings. I believe this boost will become greater in the next 12 months as Google relentlessly pursues its objective of making the web a safer place.

Google is planning on marking ALL non-https sites as ‘Not secure’ in the near future.

Starting January 2017, Chrome 56 will label HTTP pages with password or credit card form fields as "not secure," given their particularly sensitive nature. In following releases, we will continue to extend HTTP warnings, for example, by labelling HTTP pages as “not secure” in Incognito mode, where users may have higher expectations of privacy.

Eventually, we plan to label all HTTP pages as non-secure, and change the HTTP security indicator to the red triangle that we use for broken HTTPS.

Source Google

Password security warning Firefox Firefox 52 (the current version – March 2017) is also taking this approach and marks HTTP pages with passwords or credit card fields as ‘not secure’ both in the address bar and below the insecure fields.


So even if your website doesn’t take payments or require users to register, you’ll soon find your web pages marked as non-secure. This will surely have a negative impact on how site visitors feel about your business.

There are significant advantages of making the move to HTTPS to improve website security and now is the time to get started to ensure you keep your company website safe and secure. Contact us now to find out how we can help secure your website.

More from the blog

The unreliable other - 3rd-party dependencies

Old black and white photo of broken down car with a small crowrd gathered around it

Sometimes, in life, things we rely on don't work out as expected. It's the same with your website, especially with external services that your website relies on. However, there are ways of managing these 3rd-party dependencies so that they don't cause too much trouble. The external dependencies are, for example, fonts, videos, ads, reviews, analytics. The worst case scenario is that, if one of these services fails, it prevents your web pages from loading. I strongly suggest doing an audit of the external services your website uses and find ways of managing these so that if one does fail (or loads very slowly), it doesn't affect the load time of your web pages. Fast loading web pages are important to your users and important to search engines so worth getting to grips with this issue. Find out more here.

Read more

Website image sliders need to go - now

Sliders, carousels, rotating offers on websites need to go

Sliders (also known as carousels, rotating offers or rotating banners) were a very popular feature of websites during many years. They were frequently used at the top of the home page and were regarded as a great way of displaying a number of important aspects of a business. However, there are a number of problems with these sliders that weren't apparent initially. Research shows that the advantages are strongly outweighed by the downsides and sliders need to be retired.

Read more