Archive for February 10th, 2016

By February 10, 2016 Read More →

How to Implement Website Security without Compromising Website Performance

Back in 2013 we discussed some ways of making your website more accessible, which included a simpler web design and a responsive design for mobile. However, as time goes on, more and more criteria pops up that needs to be implemented. One of which that has had an increased significance over the past few years is website security.

A Brief Overview

With the increase of spamming sites and those that fall into other categories of abuse, Google wanted to be able to place authority and higher ranking on legitimate sites – essentially rewarding the good and syphoning out the bad. Not to mention that encouraging sites to become secure just makes the online world a safer place for everyone. In order to reward secure sites, in 2014 Google announced that the secure setting or the HTTPS domain extension is now being considered as a ranking signal. This meant that all professional sites, if they wanted to maintain a good SERP ranking, needed to include an SSL certificate – which can be found here – ensuring not only that their websites were secure, but that they wouldn’t lose search engine ranking. It seemed like a win-win-win scenario.

The Benefits of SSL

Ultimately, the advantages of having an HTTPS secured domain is that it does just that – secures your site. HTTPS verifies that the correct connection is being made between the website and the server and prevents other sites intercepting this connection or tampering with this connection process. The HTTPS also encrypts communication and ensures that browsing history, account passwords, or credit card numbers are all protected from being intercepted as well. In the end this ensures that your site is prevented from being hacked and that your website visitors are safe.

How to Implement SSL Security without Losing Site Speed

Of course everything has both a pros and cons list, and one of the major cons of an SSL domain designation, due to its extra portals of communication between servers, is that it presents speed issues. Since website loading speed is also a crucial component of the SEO ranking, and is in itself a ranking signal, therein lies the problem! So the challenge was to find a way to ensure that both ranking signals were satisfied without website performance being compromised. This requires reducing the number of connections or “handshakes” that need to be made to authenticate the HTTPS domain, which can be achieved through implementing:

    1. HSTS

This stands for HTTP Strict Transport Security. What is does is communicate that the browser should only connect using HTTPS and automatically redirects HTTP requests to HTTPS so that the server doesn’t have to perform the redirect.

    1. SPDY

Just like it sounds, this is a Google speed up module (meant to make your site speedy). It speeds up TLS connections by processing multiple requests through a singular connection.

    1. OCSP

This stands for Online Certificate Status Protocol and verifies the standing of the SSL certificate (if it has been revoked or is still in the clear). The goal is to relieve the browser from having to cross reference this information to verify the certificate.

    1. HTTPS Keep Alives

By keeping it alive, it means to keep the connection open, eliminating additional “handshakes” or the need for the browser and server to communicate and authenticate. These can have a significant impact on website speed.

    1. Resumption and Session Tickets

These are basically requests that allows the browsers and servers to communicate faster by overall reducing the communication time. Essentially, it does this by assigning a session ticket to a site that a browser has already visited, that way when it is visited again, the ticket informs the server that the SSL certificate or encryption has already been verified, and the request to view the page resumes without the need for another authentication process.

In the end it is better to have a secure site, which protects your company or business and your customers. Optimising your server to quickly process the SSL so that your site can remain fast as well as secure, is the best method for safeguarding your ranking and website performance.

Posted in: Editorial