Redesign: Gone secure. Gone https

11 February 2020 | 8th Edition

With any luck there will be a little padlock icon visible next to the address of this site in your browser's url bar, rather than an ominous 'Not-Secure' or a warning exclamation mark or symbol of some kind.

Yes that's right — we've gone secure. And in this we are following a good portion of world's active websites. And that proportion will only grow.

Why the change?

Well back in July 2018 Google's updated version 68 Chrome browser started showing sites as non-secure if they were not using the HTTPS protocol. In fact since 2014 Google has preferenced ranking secure sites over non-secure. So for search engine optimisation purposes, it is the way to move. An admirable sentiment one might say, from a big player. I mean who wants an unsecured internet?

First, let's be clear, this site, like many others, is an interest-only site that sells nothing, nor asks for nor processes any personal information. And anyway not being secure doesn't mean that there is actually anything wrong with it.

So what has security got to do with us?

HTTPS (that is, the 'secure' version of non-secure HTTP internet protocol) standard protects more than just submitted form data. HTTPS keeps the URLs, headers, and contents of all transferred pages confidential. Essentially it's forming a closed pipe between your browser and the hosting website. So no scripts, images or false adverts or other malicious content can be injected between hosting server and viewing browser, it's a closed system.

And for a site's protection: no malicious changing of words or adding other content onto a page, or using one site to maliciously attack other sites.

In both cases HTTPS protects against so called 'man-in-the-middle-attacks'.

So really it's a no brainer to go HTTPS.

Why now?

For many reasons. But coming back to the site in December 2019 and deciding a refit was in order, it just made the move to a secure server both sensible and prescient. Let's get the housework done before we get down to the redesign.

It's good to keep up with these developments and it benefits everyone ultimately. And goodness knows how important it is to keep the internet free and healthy.

But it hasn't been without its issues. It's taken a week of messing about with htaccess files, changing links and deleting old scripts. I'll detail these a bit more extensively in the next instalment. But ultimately it's now been done, the first upgrade step achieved.

Further reading

For a extensive view of what HTTPS is, how it came about, and how to set it up, see The Complete Guide To Switching From HTTP To HTTPS.

Information on the free automated Certificate Authority Let's Encrypt.

If you still need convincing, then read this Does My Site Need This?.

Ends