HTTPS for All: Building Customer Trust Through Security

When was the last time your personal data was stolen? Chances are pretty good you are among those affected by at least one major data breach over the last fifteen years. Poor website security is often a contributing factor that allows attackers access to sensitive data. While you may not maintain an enormous customer database, you can still contribute to the overall security of the web by securing your website.

What is HTTPS?

HTTPS is the secure version of the standard HTTP protocol. HTTPS provides a security layer to protect data during transmission (sending/receiving information in form fields, etc.). HTTPS traffic is encrypted using SSL or TLS encryption method to prevent attackers from extracting content even when a connection is compromised.

Why should I switch to HTTPS now?

HTTPS is important not only for protecting billing details but also for other personally identifiable information. Encrypting information being sent back and forth between the browser and your users can help prevent a number of man-in-the-middle attacks where an attacker secretly steals or alters information as it's being passed from one party to another.

HTTPS can build trust with your audience. A secured website can give customers peace of mind when they send information through a contact form or when they decide to make a purchase. Consumers generally prefer to keep personal and purchase data secured over expending time and effort to replace a stolen credit card or report identity theft (you probably do too).

Securing content is the best reason to secure your site. Another is an upcoming change to Google Chrome. Google has been nudging website owners to move to HTTPS in an effort to better secure the web. In July 2018, a new release of the Chrome web browser (version 68) will mark HTTP sites "not secure." This designation could mean lowered customer satisfaction for websites not using HTTPS as consumers become accustomed to using secure sites.

Third-party scripts and HTTPS

All content on a site must be delivered securely over HTTPS before a web browser will label it as "secure." Third-party scripts that do not provide an HTTPS version will prevent the site's content from being displayed over HTTPS. The unsecured content will not be encrypted and could be vulnerable to interception or attack. If you're unsure about your script usage, you can contact Weebly technical support for advice on how your website might be affected. Be aware that you may need to remove third-party scripts that are not available in an HTTPS version.

How can I use HTTPS with Weebly?

You can enable SSL/TLS from your account dashboard. All new Weebly users receive a TSL certificate by default. If you do not already have TLS enabled on your site and you run into issues activating it, you can contact Weebly technical support to switch it on for you.