1. Install an SSL certificate. As a website creator, you should ensure that traffic to your website is HTTPS-encrypted. By encrypting traffic to a website, you ensure that any communications to or from that website cannot be seen by an eavesdropper. If you were to mail a letter that contains a private message or your personal information, would you rather send it on a postcard or in an envelope? The envelope is the physical equivalent of HTTPS because it prevents parties who have access to the envelope on its way to the recipient from reading or changing its contents.
Installing SSL allows you to encrypt data on your website. Websites that have an SSL certificate use HTTPS, as opposed to HTTP (which means that a connection is not encrypted). Major browsers may also show a lock sign next to a secure connection and warn users if the website is not secure.
How to get SSL:
You can buy web space at Secura GmbH and get SSL installed for free with one click, or you can obtain free certificates yourself from Let's Encrypt.
2. Make sure your entire website is encrypted. Many website owners don't realize that a single page that isn't encrypted could potentially be used to gain access to the rest of the website. To avoid this, you need encryption on your entire website, not just for pages that are collecting credit card numbers or log-in info. Even unencrypted landing pages that redirect to an HTTPS page can pose risks. A single page that is unencrypted can become a backdoor for bad actors to snoop on the rest of the site.
How to ensure encryption:
- Use a top-level domain that is HSTS-preloaded. The HSTS preload list is a list of websites which modern browsers will only load over an encrypted connection. The fastest way to get on this list is to use a top-level domain that's already on the HSTS preload list, like .app, .dev, or .page. Any website on those extensions gets the security benefits of HSTS-preloading from day one, so all you need to do is install your SSL certificate.
- Alternatively, you can add your website to the HSTS preload list yourself. Websites can be individually added to the HSTS preload list by the website owner at hstspreload.org. Keep in mind this can be a slow process because the list is manually built into the browser. That means updates to the list are made as new browser releases come out, which can take months to occur for all browsers.