Reel It Back – What Is HTTPS?

HTTP (HyperText Transfer Protocol) and HTTPS (HyperText Transfer Protocol Secure) are both protocols, or languages, for passing information between web servers and clients. All you need to know is that HTTPS is a secure connection, whereas HTTP is unsecure. With a standard HTTP connection, it is possible for unauthorized parties to observe the conversation between your computing device and the site.

This “conversation” is typically mundane, unless you are entering sensitive information such as your password, credit card information, or social security number on a website. An HTTPS connection adds a blanket of security over that conversation using an SSL/TSL protocol (Secure Sockets Layer and Transport Layer Security). This connection encrypts data to prevent eavesdropping, protects the integrity of data to prevent corruption in transfer, and provides authentication to ensure communication only with the intended website. In short: HTTP is not secure, and you should never trust your sensitive information to such a site. HTTPS is secure and is becoming the web standard.

Users expect a secure and private online experience when using a website; in penalizing HTTP connections, Google is taking steps to ensure they get it.

What Is Changing?

Currently, Chrome indicates HTTP-only connections with a “neutral indicator,” marked by an information symbol. Click it, and you’ll see a mild warning that “your connection to this site is not secure” and “you should not enter any sensitive information on this site (for example, passwords and credit cards) because it could be stolen by hackers.”

HTTPS connections, in contrast, are marked by a lock symbol next to the word “Secure.” Click for more information, and you’ll see that the site is classified as secure and “your information (for example, passwords and credit cards) is private when it is sent to this site.”

According to the Google Security Blog, this current neutral classification for HTTP  “doesn’t reflect the true lack of security for HTTP connections. When you load a website over HTTP, someone else on the network can look at or modify the site before it gets to you.” In an era where concerns about information security are rising and the need to protect personal data becomes paramount, these new security indications will allow users to make an informed decision about which sites to trust with sensitive information such as passwords and payment credentials.

By the end of January 2017, the latest release of Chrome (Chrome 56) will make HTTP pages with password or credit card form fields as “not secure”:

This change is just the first step in Google’s quest for more informed users on a more secure web. Google announced that future releases of Chrome will label HTTP pages as “not secure” when browsing in incognito mode. Down the road, Chrome will label all HTTP pages with a red triangle to draw further attention to the unsecure nature of the connection.

Where Are We Now?

Google reports that more than 50% of all desktop page loads are HTTPS connections, an all-time high. Most of the top 100 sites worldwide run modern HTTPS, including Amazon, Facebook, Twitter, Wikipedia, and all Google sites. There are many high-traffic sites that do not, including eBay and Microsoft. You can find an up-to-date list on the Google Transparency Report.

How Can You Secure Your Site?

To enable HTTPS on your website, you must first obtain an SSL Certificate from a Certificate Authority (CA). This certificate does a couple of things. One, it enables your site to communicate with users using encrypted, non-corruptible data. The certificate also acts as a stamp of approval from a trusted party (in this case, the CA) that says your site is legitimate and secure. Let’s Encrypt offers free SSL/TSL Certificates, while a content delivery network (CDN) like CloudFlare provides a shared SSL certificate with their free package.

Now that you have your SSL Certificate, there are a few steps you need to take to make the migration. You must approve the certificate, do a full backup of your site, change all your internal links, check code libraries, update all external links that you can, and create a 301 redirect. Don’t forget to update your URLs on Google (Search Console Analytics), AdWords and anywhere else you are running paid aids, on all your social profiles, and across all your top citations. Tony Messer put together a great guide for SEJ late last year to walk you through the HTTPS migration step by step. You can also find helpful instructions from Google Search Console Help. Concerned about losing social shares? Glenn Gabe walks you through saving social shares in WordPress following HTTPS migration using the Social Warfare plugin. Combined, these tips and tricks should guide you through a seamless HTTPS migration.

I’m Still Not Convinced – Why Make the Switch?

Data protection is by far the biggest advantage of HTTPS, but it’s not the only one. HTTPS sites also load significantly faster. In a test on HTTP vs HTTPS.com, the unsecure version of the page loads 334% slower than HTTPS – try the test on your own device and see how they compare.

That’s not all. Back in 2014, Google tried to persuade webmasters to make the switch to HTTPS and made the secure protocol a stronger ranking signal as motivation. Google flat-out said they would start giving preference to sites with an SSL in 2014.  Since that time, encrypted sites have earned a boost in rankings over their unsecured counterparts. Since that bit of motivation didn’t provide enough encouragement for sites to switch, now Google is forcing the issue. Instead of incentivizing HTTPS, Google may even penalize HTTP sites.

Conclusion

HTTPS is the current leading standard for secure sites, and any webmaster hesitant to migrate is losing ground by the day, not to mention jeopardizing the trust of their users. Chrome flagging HTTP sites as unsecure is just one step in a long list of changes soon to come intended to better protect the privacy and security of sensitive information. There is simply no reason to delay HTTPS any longer.

Source:

https://www.searchenginejournal.com/google-is-requiring-https-for-secure-data-in-chrome/183756/

PHP 7.0.0 comes with a new version of the Zend Engine, numerous improvements and new features such as

• Improved performance: PHP 7 is up to twice as fast as PHP 5.6
• Significantly reduced memory usage
• Abstract Syntax Tree
• Consistent 64-bit support
• Improved Exception hierarchy
• Many fatal errors converted to Exceptions
• Secure random number generator
• Removed old and unsupported SAPIs and extensions
• The null coalescing operator
• Return and Scalar Type Declarations
• Anonymous Classes
• Zero cost asserts

For source downloads of PHP 7.0.0 please visit the downloads page, Windows binaries can be found on windows.php.net/download/. The list of changes is recorded in the ChangeLog.

The migration guide is available in the PHP Manual. Please consult it for the detailed list of new features and backward incompatible changes.

The inconvenience of the release lateness in several time zones is caused by the need to ensure the compatibility with the latest OpenSSL 1.0.2e release. Thanks for the patience!

It is not just a next major PHP version being released today. The release being introduced is an outcome of the almost two years development journey. It is a very special accomplishment of the core team. And, it is a result of incredible efforts of many active community members. Indeed, it is not just a final release being brought out today, it is the rise of a new PHP generation with an enormous potential.

Source:

http://php.net/releases/7_0_0.php

Google wrote:

To make our results more useful, we’ve begun experiments to make our index mobile-first. Although our search index will continue to be a single index of websites and apps, our algorithms will eventually primarily use the mobile version of a site’s content to rank pages from that site, to understand structured data, and to show snippets from those pages in our results. Of course, while our index will be built from mobile documents, we’re going to continue to build a great search experience for all users, whether they come from mobile or desktop devices.

With this change, Google will primarily index mobile content and use that to decide how to rank its results, regardless of whether you’re on desktop or mobile. There will no longer be any type of “mobile-friendly” adjustment done just for mobile users. Effectively, if you’re not mobile-friendly, that will have an impact even on how you appear for desktop searchers

Google is testing this but hopes to roll it out to all

Google said it has started this experiment and will “continue to carefully experiment over the coming months on a small scale.” Google will “ramp up this change when we’re confident that we have a great user experience.”

No mobile site? Don’t worry

Those who do not have a mobile version of their website do not need to worry. Google will just use the desktop version to rank the site. Google wrote, “[I]f you only have a desktop site, we’ll continue to index your desktop site just fine, even if we’re using a mobile user agent to view your site.” This also means that if you have a responsive site, one that dynamically changes content depending on desktop or mobile device, there’s nothing special you need to do.

Of course, if you do not have a mobile site, you won’t benefit from the mobile-friendly ranking boost. But that is separate from this mobile index news.

How can you prepare?

Here are some recommendations Google is giving webmasters to prepare for the change:

• If you have a responsive site or a dynamic serving site where the primary content and markup is equivalent across mobile and desktop, you shouldn’t have to change anything.
• If you have a site configuration where the primary content and markup is different across mobile and desktop, you should consider making some changes to your site.
  • • Make sure to serve structured markup for both the desktop and mobile version. Sites can verify the equivalence of their structured markup across desktop and mobile by typing the URLs of both versions into the Structured Data Testing Tool and comparing the output.
    • When adding structured data to a mobile site, avoid adding large amounts of markup that isn’t relevant to the specific information content of each document.
    • Use the robots.txt testing tool to verify that your mobile version is accessible to Googlebot.
    • Sites do not have to make changes to their canonical links; we’ll continue to use these links as guides to serve the appropriate results to a user searching on desktop or mobile.
• If you are a site owner who has only verified your desktop site in Search Console, please add and verify your mobile version.

How can I make my site mobile-friendly?

Get started with the guide to mobile-friendly sites to build your mobile-friendly site. If you need more customized advice for publishers, you can check out the AdSense Multi-Screen Starter Guide.

Source:

Google begins mobile-first indexing, using mobile content for all search rankings