HTTPS has become a web-standard & one of those practices that every webmaster should follow. HTTPS is great for the security of data as it encrypts the data transferred between users & a website. Especially it protects them from common hacking practices such as data sniffing & man-in-the-middle-attack.
I won’t get much into the technical side of it, but let me quickly give you an overview of how HTTPS is useful for security of users like you & me.
HTTP (Hyper-text transfer protocol) S (secure)
When you open a website using HTTP protocol, or submit a form online, your data is transferred in plain text & a hacker can use sniffer tools to capture the transmitted data & see the information you have submitted. Sometimes which also includes your username & password. When you access a website that uses the HTTPS, the transmitted data is encrypted & your information is secure. This is one reason all banking & e-commerce sites are using HTTPS from day1. Below image shows the difference between HTTP & HTTPS protocol: Last year, Google made HTTPS as a standard practice & an official search engine ranking factor. This story generated a mixed reaction from bloggers & websites owners, as there is no money transaction happening on the website & HTTPS doesn’t seem so important for information based blogs/websites.
From my understanding on this topic, I believe it’s important to have HTTPS even for the blogs, as no middle-man can alter the information. If you are up for learning more about it, I suggest you to read this article on Man-in-the-middle-attack.
You can learn more about Google’s HTTPS everywhere mission with this video;
So far, I haven’t implemented HTTPS here at ShoutMeLoud, which is long over-due & will be done in the coming months.
One reason for the same is the mixed content issue, which I have explained at the end of this article. For now, here is a great news for BlogSpot blog owners, as Google have rolled out free HTTPS for them. In this guide, you will learn everything about enabling HTTPS on your .blogSpot blog & few important things related to it.
How to make your BlogSpot Blog HTTPS enabled for free:
This feature is already enabled for all the BlogSpot.com users. Those users who are using the custom domain name, they need to wait for a while before they can take advantage of it. If you have a blog with .blogspot address, follow the steps mentioned to enable HTTPS for your blog.
- Login to your BlogSpot dashboard
- Click on the dropdown & go to your blog settings
- Go to Settings > Basics & look for HTTPS Settings option
- From the HTTPS availability dropdown, select yes & save the option.
That’s it, and your blog is not HTTPS enabled. Your blog will become accessible over both HTTP and HTTPS connections.Though a word of warning, this may cause some issue due to mixed content on your blog.
This can be caused by a few things such as images on your blog hosted on HTTP site. Mixed Content errors occur when a web page downloads its initial HTML content securely over HTTPS, but then loads the follow-up content (such as images, videos, stylesheets, scripts) over insecure HTTP.
These browser errors will degrade both HTTPS security and the user experience of your blog. If all your blog images & content are hosted on BlogSpot platform only, you might not face any such error. You can read this help guide to fix it or probably wait for few months before enabling HTTPS.
This feature will be available for bloggers using the custom domain name with their BlogSpot blog in the coming months. I believe most of the serious Blogspot bloggers have already purchased a domain name rather than using generic .blogspot domain address.
Here is official help page for enabling HTTPS on a BlogSpot blog.
I will update you once this feature is available for all BlogSpot bloggers. For now, I would like to hear your opinion on: Is HTTPS important for information based websites? Here are some of the best articles for BlogSpot users from ShoutMeLoud Archive: