Step 6 from the 7 Day Sequence: 7 Easy Steps to Secure Your Website
Here comes the sixth post from our security sequence. Yesterday we told you more about the importance of having a reliable hosting partner for securing your web presence. Today we will focus on connections. It may sound disappointing but this post does not concern connecting people or having fun. We are going to discuss encrypted secure connections on the web. Step 6 in brief: Use an Encrypted Connection.
Using an encrypted connection is extremely important not only for you, but also for your website’s visitors.
Is it really so crucial? Yes, it is!
When we speak of communication and data transfer on the web we can refer to the following protocols and services: Mail (email), FTP (file transfer) and HTTP (web).
All those services transfer data in plain text during the server-client communication.
This means that if the connection is not encrypted, a third party can:
- Intercept and read your email correspondence;
- Intercept and read files you download or upload via FTP;
- Intercept and read your communication with a certain website: What you have entered on your profile; Access credentials to a certain website.
You must use an encrypted connection to protect data you provide while using online services.
Note: For all hosting services and Managed VPS servers SuperHosting offers an encrypted connection to the hosting account when sending/receiving mails (SSL/TLS SMTP/IMAP/POP), transferring files (FTPS, SFTP) and loading websites (AutoSSL).
How to protect your data?
1) Use an encrypted FTP connection.
To do so it is necessary:
- For the FTP server to support an encrypted connection.
- For your FTP client to support an encrypted connection.
To secure the FTP connection to your hosting account you need to use one of the following encryption methods: FTPS (File Transfer Protocol over SSL) or SFTP (SSH File Transfer Protocol).
2) Use an encrypted connection when sending and receiving emails
Securing email communication requires using an encrypted connection for IMAP/POP as well as for SMTP.
Here again encrypted connection should be supported by your mail server and your mail client.
Almost all popular email clients support encrypted connection as most email servers do.
Email client configuration depends on the software you are using, but the end result should be using an SSL/TLS encryption for the respective protocol (IMAP, POP and SMTP).
No matter what email client you use, you should look for and activate the settings for an encrypted connection to the mail server. For example, with the most popular email clients such as Mozilla Thunderbird, MS Outlook, Mail in Android and iPhone such option can be activated upon adding a new email account.
There is also another way to secure your correspondence – via webmail. Webmail is one of the fastest and convenient ways to check your email especially when you need to do so from another computer. For the webmail connection to be secured you need to load it over https.
3) Use an encrypted connection to access websites where you provide sensitive data (login pages or pages with confidential content).
When you provide sensitive data to a website, e.g. you fill in your credit card number or full name and password, make sure you load this website over HTTPS.
Check if the URL starts with https in your browser’s address bar. The protocol may not be displayed in some browsers so you need to click on the address bar to display the whole URL. If the URL starts with http this means that the connection to your browser is not encrypted and all data provided on this website is not protected against interception. Try loading the website by changing the protocol to https.
How to protect your customers and your website’s visitors?
Use an SSL Certificate and HTTPS encrypted connection on your website.
You need to do the following things:
1) Install an SSL Certificate on your website
You can get an SSL Certificate by purchasing it or by generating in cPanel a free one such as AutoSSL.
You can read more about generating and installing SSL certificates on our help page: cPanel AutoSSL – SSL Certificate for Each Domain.
2) Configure your website so that it loads over HTTPS
After there is an installed SSL certificate for the domain, the next step is to configure loading your website over HTTPS.
If you are using a CMS in most cases configuring HTTPS is a few clicks away in the admin panel.
You would better check what the CMS you are using requires to configure it.
Using an SSL Certificate is a must-have for your web presence. There were times when an encrypted connection was required mostly for websites where sensitive data was entered. Today, however, it is required for all websites. Nowadays browsers display “Not secure” warning messages for every website which is not loaded over https and this affects all users, your reputation and search engine ranking. So do not underestimate this step and choose the most suitable SSL certificate for your business.
Listen to our advice and use an encrypted connection to protect yourself and your website’s visitors. It is easy, you already know how. Do not miss reading the last step from our sequence. We will post it tomorrow!