TLS encryption (often referred to as SSL, an older technology) is critical to eCommerce sites. It scrambles the data between browser and server so hackers can’t easily steal and use it. However, running your whole website under TLS provides several other benefits that are growing in importance. We strongly recommend you prepare to have your whole site running under TLS/SSL in the next 3 months. Your site will be more secure, load faster, improved SEO and provide a better user experience.
What is TLS Encryption?
Transport Layer Security (TLS) is a protocol that provides privacy, security and data integrity between two internet applications. For example, between a browser and a web server. It’s the most widely deployed security protocol in use. Other applications that use TLS include email, file transfers (SFTP), VPNs, instant messaging and VOIP.
How is my Site More Secure?
By using TLS encryption on every page, ALL data is securely transmitting. Many sites have forms sending unencrypted data. Often times, that’s not a big deal if it’s not credit card data. However, even less sensitive data could be helpful to a hacker or competitor. For example, wouldn’t you like to know all the contact forms submitted on your competitor’s site? By running everything under TLS, hackers can’t see anything your site is sending or receiving.
How Is My Site Faster?
In the olden days (2 years ago), SSL connections used a lot more processor power, and consequently slowed down pages loading. TLS actually helps load webpages faster a couple ways. First, once a trusted connection is established between browser and server, the browser will trust that server for a while, and stop asking for authentication. Further, soon to be released upgrades to web servers will support ‘zero-RTT’ connections. In practical terms, the browser will trust the server and allow the server to download other images and files in that page without making additional requests. Keep in mind that AbleCommerce or Magento page load DOZENS of images, CSS and other files. Each file requires another request and acknowledgement from the server, slowing down the page load. All of these changes will reduce server load and page load times.
The TLS Handshake courtesy of O’Reilly
Where Does the Better SEO Come From?
Google has decided that internet security is a good thing. As an incentive, it gives sites running under TLS encryption a small bump in rank.
A Better User Experience?
While Google has put out a carrot for early adopters to run their sites under TLS/SSL, they’re pulling out the stick too. As of January, your customers started seeing the warning on non-secure pages. Google has more severe warnings pending. Planned changes include labeling all HTTP pages with the red triangle warning symbol, currently only used for irregularities in HTTPS. In effect, this will tell visitors not to fully trust your site. Obviously not good.
What displays in Chrome when an unencrypted page loads
In conclusion, you should begin moving your site to fully run under TLS encryption. An upgrade will certainly do this – we’re launching all new sites fully under TLS. However, if you don’t wish to upgrade this year, updating a site typically only takes 3-5 hours. Contact us, and we’ll get you quote.