How to Secure Your Website Part I: Communication

Paul Weinstein

Security is about risk management. Online, security is about reducing the risk of exposing information to the general Internet.

Consider the two actions occurring on any device connected to the Internet:

  • Communication
  • Storage


Communication is the heart of the Internet. The standard Internet protocol suite, known as TCP/IP (Transmission Control Protocol and Internet Protocol), is the basis for a collection of additional protocols designed to interconnect computer systems across the world in different ways. For example:

  • Domain Name – DNS (Domain Name System)
  • Email – SMTP (Simple Mail Transfer Protocol)
  • Web – HTTP (Hypertext Transfer Protocol)

Unfortunately, in the initial designs of the Internet, preventing unauthorized access to data while in transit and the verification of the communicating parties were not primary concerns. As a result, many of the protocols that use TCP/IP do not incorporate encryption or other security mechanisms by default.

The consequence is that anyone can “listen in” (not just the NSA) as data is transmitted across the Internet. That is, none of the protocols in the sample list employ any kind of encryption that restricts access to the data as it travels from one system to another.

HTTP – the protocol of the web – does, however, have a solution to this problem. SSL (Secure Sockets Layer) establishes a process to incorporate cryptographic methods that identify the parties in communication and establish a secure method of data transmission over the web (HTTPS).

Note: Today SSL’s successor is TLS (Transport Layer Security), but it is still commonly referred to as SSL (or more accurately SSL/TLS).

Since the initial phase of establishing an SSL/TLS connection incorporates intense mathematical calculations, implementation in the past was limited to specific webpages (an e-commerce site’s checkout page, for example). However, today the trend is to implement it as broadly as possible.

  • Popular sites, such as Google or Facebook, will conduct all communication over HTTPS by default by redirecting the initial HTTP request to HTTPS.
  • Popular web browsers will attempt to connect to a website via HTTPS first by rewriting the initial HTTP request to HTTPS before attempting a connection.
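The redirect in the first bullet can be checked from the response a site gives to a plain-HTTP request. The following is an added example, not code from the original post; the function names, result labels and the sample responses for `example.com` are constructed for illustration.

```python
from urllib.parse import urlsplit

REDIRECT_CODES = {301, 302, 303, 307, 308}

def parse_response(raw: bytes):
    """Return (status_code, headers) from the head of a raw HTTP/1.x response."""
    head = raw.split(b"\r\n\r\n", 1)[0].decode("iso-8859-1")
    status_line, *header_lines = head.split("\r\n")
    status = int(status_line.split(" ", 2)[1])
    headers = {}
    for line in header_lines:
        name, _, value = line.partition(":")
        headers[name.strip().lower()] = value.strip()
    return status, headers

def classify_http_answer(requested_host: str, raw: bytes) -> str:
    """Classify the answer to http://requested_host/ (labels are hypothetical)."""
    try:
        status, headers = parse_response(raw)
    except (IndexError, ValueError):
        return "unparseable"
    if status not in REDIRECT_CODES:
        return "served-over-http"         # content delivered in cleartext
    target = urlsplit(headers.get("location", ""))
    if target.scheme != "https":
        # Covers http:// targets and relative paths, which keep the http scheme.
        return "redirect-stays-on-http"
    if (target.hostname or "").lower() != requested_host.lower():
        return "https-other-host"         # upgraded, but to a different host: review
    return "https-upgrade"

# Constructed sample responses (not captured from any real site).
SAMPLES = {
    "upgrade": b"HTTP/1.1 301 Moved Permanently\r\n"
               b"Location: https://example.com/\r\n\r\n",
    "cleartext": b"HTTP/1.1 200 OK\r\nContent-Type: text/html\r\n\r\n<html></html>",
    "relative": b"HTTP/1.1 302 Found\r\nLocation: /home\r\n\r\n",
    "elsewhere": b"HTTP/1.1 301 Moved Permanently\r\n"
                 b"location: https://www.example.net/\r\n\r\n",
    "garbage": b"not an http response",
}

if __name__ == "__main__":
    for name, raw in SAMPLES.items():
        print(name, "->", classify_http_answer("example.com", raw))
```

Even with an `https-upgrade` result, the initial HTTP request itself still crosses the network unencrypted before the redirect takes effect.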

Does your website need SSL/TLS? That’s a risk assessment you need to make with your web developer and hosting provider. But consider:

  • The trend is to secure more data in transit, not less.
  • Your website’s visitors are not just concerned about sensitive information that they are actively providing (credit card information, for example), but other information they are actively and passively providing, such as what webpage they are viewing.

Our next security post will cover the second topic: data storage. In the meantime, have a question about security and the web? Post your question in the comments section below.


Comments (3)
  • Nice… While Google is now implementing Google Pigeon, some say it’s better to have your domain secured with HTTPS. What d’you think?

    • I appreciate Google providing an additional incentive for adopting SSL. However, as they will tell you, their PageRank formula is always changing.

      The question is really, are you looking to add a layer of privacy and security for you and your users, knowing that there is the additional benefit of recognition of said act by Google? Or are you investing in a one-year SSL certificate that you’ll abandon shortly thereafter, for temporary SEO points?

      • You should start by getting a ransomware protection service from It will have an instant impact on your site’s protection. I hope that you will find it helpful. Can’t wait to see your feedback and have a conversation about it.
