Posted on

Making our website more secure with HTTPS

First of all, Happy 2018, and thanks for visiting our site.

If you have been visiting our site for a while, you might have noticed some slight changes on our website (or rather our website’s url, to be precise).

Previously when you visit our website, no matter which page you are on, our urls will starts with and right now if you look up to the address bar of your browser you will notice that the url now starts (noticed the additional “s” after the http?)

What is this all about?

So, basically https is a secured version of http whereby all communications between your browser and our website will be encrypted –  if you happens to be using chrome browser, you’ll notice a green colour padlock with the word “Secure” on the left hand side of the url (which means that the chrome browser has verified that the website is secured).

Website verified to be secured by Google Chrome

How does this benefits visitors to our website?

By encrypting communications between visitors (you) and our website, we help to prevents intruders from being able to passively listen to communications between you and our website and hence protect your privacy and security. Without the encryption, any information that you provides to our website can be visible to third parties (intruders/hackers).

*If you are interested in knowing more about HTTPS, here’s an article by Google on why HTTPS matters.

Since HTTPS is so important, why wasn’t this implemented way earlier?

  1. We do not collect sensitive information. When HTTPS was being introduced, it was more targeted for websites that collect or process sensitive information like credit card number or passwords.  As the most sensitive piece of information that we collects from you is your email address when you made an enquiry to us, we felt that HTTPS implementation wasn’t the most crucial task yet as there are many more important areas in the website that need to be taken care of first. Right now as the number of enquiries that we are receiving has increased and the more important issues for our websites has been taken care of, we felt that it is time to address the HTTPS implementation for our website.
  2. Technical complexity of implementation. Although it seems like a simple job of just adding a “s” after the HTTP, the actual implementation is quite complex and involves lots of changes on our website. As we do not have a team of programmers or developers to do the job for us, we ended up spending quite an amount of time researching and running tests to ensure that everything is implemented correctly and that our website can still runs smoothly after the implementation.

How else do we ensure that our website is secured

Just the implementation of HTTPS is definitely insufficient to protect our website and visitors against hackers. We do have some additional processes in place to tighten the security of our website like:

  1. Running security scans regularly to check our website codings, scripts and plugins for any security vulnerabilities. When it comes to security scan, most people might think that only computers and hard disks need to be scanned regularly but unknown to many people (and even many website owners), it is crucial to regularly scan your website for any potential vulnerabilities – and where this is concerned, we can proudly say that we are super religious about it.
  2. Updating the backend of our website regularly to ensure that all our softwares and plugins are using the most updated version. This ensure that any known security loopholes are being patched up as soon as possible before any hackers/intruders can exploit the loopholes.
  3. We limit the amount of information that we collect from you. We do not collect or process sensitive information (eg, credit card info, or paypal password) from you and instead for any online payments, we will direct you to the Paypal’s website to process the transaction. This ensures that in the very unfortunate event that our website is being compromised, your payment information will still be safe as the transactions are being processed directly by PayPal (even though it can happen but it’s very much less likely that PayPal system will be compromised).

That’s all for this round of updates and we just wanted to let you know that we will continue to enhance our website security to ensure that your privacy and security will not be compromised when visiting our website.