Top 5 questions about HTTPS
HTTPS is a hot topic right now — with Chrome penalising sites that don’t have it, and Google rewarding those that do, more and more websites are making the move.…Read More
If you own or manage a website, and the URL still starts with HTTP rather than HTTPS, we recommend you fix that right away.
Why? Well, that depends on if you prefer the carrot or the stick. There are certainly significant benefits to making the change as soon as possible, but there’s also the threat of looming punishment for leaving things as they are.
There are plenty of reasons why you should install an SSL certificate on your site; here are the top five.
The most pressing reason for making the change is that Google wants you to — and Google’s opinion really matters. They’re probably sending a fair amount of the traffic your site recieves, and it’s worth following their recommendations to keep your site appearing in search engines.
Hypertext transfer protocol. It’s the main way that information is passed around the web to your browser or app.
Hypertext transfer protocol secure. A security certificate (called an SSL certificate) authenticates the transfer of data. This is set up by the server and happens automatically.
If the thought of offending the algorithm isn’t enough, Google has also been rolling out a warning system over the past year — more and more HTTP sites are marked “not secure” in the Chrome browser bar. This started with ecommerce sites, moved on to sites where visitors enter any kind of data (such as contact forms), and in July 2018 this will roll out for all HTTP sites. This means that if your HTTP site isn’t showing an ugly warning now, it will in a couple of months.
These warnings will affect the user experience of visitors to your site — no-one likes to be told they’re hanging out somewhere unsafe! As it is, many visitors may already have a negative association with HTTP, whether or not they see a warning, as HTTPS is associated with up-to-date, well-maintained sites, while sites on HTTP tend to be less well looked after.
If you think that it doesn’t really matter that Chrome is showing this warning because you never use Chrome anyway, it’s worth knowing that Chrome now has 60% of market share. So even if you don’t use Chrome, visitors to your site do.
Google isn’t doing this for no reason — HTTPS really is a lot safer.
HTTP (“Hyper Text Transfer Protocol”) is the protocol that sends information between your browser and the website you’re visiting, and HTTPS is the secure version of this protocol (the S is for “secure”). This means that the data is encrypted before being sent, making it harder for hackers to steal that data as it’s making its journey. This is particularly important when sharing sensitive data like credit card details when making an online purchase.
However, it’s not just online stores and banks that need HTTPS. Any time anyone shares any personal data (such as filling in a contact form), this data should be sent securely — that’s why Google rolled out the warning on sites with forms as part two of the great war against HTTP.
For sites that don’t have any stores or forms, HTTPS is still important — it decreases the risk of content injection. With HTTPS you can be sure that you’re seeing the site you expect to see, and not a false front. And eavesdropping and man-in-the-middle attacks are a lot less likely.
What is a man-in-the-middle attack? It’s when two parties think they’re communicating with each other, but a third player is intercepting these communications and altering them for their own purposes. It’s not great.
Another large benefit is that HTTPS gives access to HTTP/2, a significant revision of the protocol used to send data. One of the major benefits of HTTP/2 is that it’s faster, as it was designed to decrease latency to improve page load speeds. Since page load speed is a major factor in SEO, switching to HTTPS (and HTTP/2) can improve your search engine optimisation.
SSL certificates vary in price depending on the level of security required, but services like Let’s Encrypt now provide free basic SSL certificates. The terms SSL and HTTPS are often used interchangeably, which makes sense because they’re very closely connected! SSL (Secure Sockets Layer) technology creates an encrypted connection between the server hosting your website and the web browser your visitors are using — so SSL is the technology that makes your site use HTTPS, and installing an SSL certificate is part of the process you need to go through to make your site HTTPS.
Installing an SSL certificate isn’t particularly straightforward, unfortunately, and using a plugin certainly isn’t recommended. We strongly recommend you ask a competent developer to run the upgrade for you, as many of the (multiple) steps required are quite technical. Check out this article that features an 29-step process to go through; Performance Foundry’s process includes a similar number of steps spread over multiple days.
You can also read Google’s support documentation about HTTPS. Spoiler: it’s complicated.
Performance Foundry hosting clients have access to a discounted HTTPS upgrade service, which can be purchased here.
Unfortunately we are unable to offer this service to sites that are not on our hosting service, since the process can be significantly more difficult on other hosting platforms. However, perhaps our hosting service is right for you — check out the details and sign up here.
HTTPS upgrades are also included in our development packages, so get in touch using the form below if you’re considering a full site redevelopment.
Whatever your situation, we recommend you upgrade to HTTPS as soon as possible!