https versus http


  • Newcomer

    Hi,

    I came across this on another website. Is there anything we need to do about this? Thanks

    “HTTPS AND SSL CERTIFICATES
    ANATOMY OF THE PERFECTLY OPTIMIZED VACATION RENTAL WEBSITE
    By January 2017, Google Chrome will start warning users that HTTP pages are non-secure.
    So even if your website is completely secure, users will see a warning. On the other hand, Google will boost search rankings for all HTTPS websites.
    In addition, SSL certificates make your website more secure for users. It’s essential on pages where your users give their credit card information and/or other personal information.
    However, it’s better to have it on your whole website!”

    Thanks

    Sherry


  • Explorer

    Interesting. I notice the my MyVR website is http.

    So does that mean we are at risk? Also, will our Google search ranks suffer?


  • MyVR Employee

    Hi Guys,

    A few clarifications. Sherry, you are quoting an article by Google, this one:

    https://security.googleblog.com/2016/09/moving-towards-more-secure-web.html

    There is more to the quote that is relevant here (see bold)

    Beginning in January 2017 (Chrome 56), we’ll mark HTTP pages that **collect passwords or credit cards as non-secure**, as part of a long-term plan to mark all HTTP sites as non-secure.

    All payments on MyVR are encrypted and take place over HTTPS with no exceptions. Also @John-Klein you should note that MyVR’s site is only available on HTTPS not, HTTP.


  • Explorer

    Tristan, Please see this message that I am receiving with my website. And please note that it seems to be http:

    0_1485888208464_upload-bc769baa-f3f6-4be0-bcee-a4eb5e950377


  • MyVR Employee

    Hi John,

    I apologize, I thought you were referring to MyVR.com (which is on https at all times).

    With your website, and every other on MyVR’s platform the booking flow is secured with https (see below).

    0_1485888386069_upload-ed929d7d-99eb-4801-bbb0-550b960ce2a4


  • Explorer

    OK understood. Thanks.


  • Newcomer

    @Tristan-Brotherton , I saw that a verbiage a couple different places so I wasn’t sure if there was something we needed to do - like by an SSL certificate for our domain name.
    Thanks for the clarification. So for now, the issue of https is limited to pages that accept credit card payments and you guys have that covered…


  • Leader

    Just wondering - the bold print says “as part of a long-term plan to mark all HTTP sites as non-secure.” - should there be a plan to move all of our pages to https://? - And if we’re using our own domain, is this something WE need to do?


  • MyVR Employee

    We will of course stay up-to-date with any requirements to make sure our clients websites align with best practices. As of now we don’t feel like this represents a priority, but that opinion may change in time. The are some nuances to SSL, (cost, required client documentation, support for custom domains, etc) that don’t make it a trivial feature addition.
    Feel free to add this as a product suggestion though!


  • Leader

    @Tristan-Brotherton - I don’t think I phrased my question very well. Here is where I will really show my ignorance when it comes to SEO and website security…

    I have my own domain name. Will the requirements to convert http://premiumbeachcondos.com --> to --> https://premiumbeachcondos.com be something that MyVR will need to do in the long run or will it be something that I will need to do as the owner of the domain? Do I have to pay for a level of security at my host site for this? Or is this about how the page is written?

    Did any of that make sense? LOL


  • MyVR Employee

    Hi Jenny,

    Short answer, a bit of both.
    There can be a documentation requirement for the domain owner. There is the purchase of the SSL certificate itself (the part that does the encryption for your domain name) and finally there is setting up your website to “talk” as SSL.

    As we’d want to make this a very easy process for our customers, we’d need to automate a lot of that, so as you can imagine its not a trivial task. Especially as currently it offers no further security benefit to our customers (our transactions and payments are all encrypted under already SSL), and a negligible benefit for SEO.


  • Newcomer

    @Jenny-Oest , that’s what I was wondering too. I think my hosting site (Hostgator) sells that certificate but I didn’t know if it was something I should pursue.
    i don’t know enough about all this. The http vs https may or may not affect SEO but I know what I do when I see a notice that says that a site isn’t secure 🙂 I imagine other people, like potential guests, would feel the same way.
    I’m certainly glad it’s at least on the booking/reservation page already and hopefully it won’t be required on the other pages any time soon.
    Off to figure out how to do a product suggestion


Log in to reply
 

About the MyVR Community

Looks like your connection to MyVR Community was lost, please wait while we try to reconnect.