For many years, “HTTP”, or “hypertext transfer protocol” was the foundation for all Internet communications – defining how all data sent between a client and server is formatted and transmitted, and how Web servers and browsers respond to various commands. Unfortunately, HTTP has become a less secure method of communicating across the internet, with shared information increasingly vulnerable to hackers.
To combat this vulnerability, a new version of HTTP called “HTTPS” has been introduced. While many users don’t realize it, the “S” at the end of “HTTPS” actually stands for “Secure”. The “S” adds a layer of security by encrypting the transfer of resources across the web, thereby making them less vulnerable to hackers. Along with the added security, HTTPS includes performance improvements and introduces powerful new features that improve upon HTTP.
To switch a website to HTTPS, a security protocol must be added between the client and server – and once they agree to use the protocol, an electronic “handshake” must take place. This “handshake” is made through the use of a digital certificate, which the server sends to the client. The standard technology used to make the switch to “HTTPS” is “SSL”, or “Secure Socket Layer” – and SSL certificate must be purchased to encrypt website data and meet the recommendations set out by organizations such as Google.
Switching from HTTP to HTTPS
For the past few years, looking to make a more secure web, Google has strongly recommended that all websites switch from HTTP to HTTPS. Unfortunately, statistics show that the majority of websites still haven’t switched over. The good news is that although most websites still don’t use HTTPS, most of the top websites have already made the switch, meaning that over half of all website traffic is encrypted. That said, the remaining traffic that still hasn’t been switched over leaves countless users, and their data, vulnerable to being hacked.
Google and other browsers want users to know that when a site URL begins with just “HTTP”, this means that the site is not secure, and it does not have an SSL certificate installed. HTTPS is fast-becoming, and will soon be, the leading indicator that a website is secure enough to visit. This increasing enforcement means that all websites need to switch over to HTTPS and get their SSL certificate in order to successfully market their business, generate leads, and make sales via the web.
It’s hard to know exactly why so many websites have yet to make the change to HTTPS and SSL, but there is a lot of misinformation out there regarding how much it costs, how it might hurt a website’s rankings, how difficult it is to implement, and even that it simply isn’t necessary. These are all myths that Google and other proponents of HTTPS are working to dispell.
Why upgrade to HTTPS?
Where in the past, the purchase of an SSL certificate and the move to HTTPS was especially recommended for websites that wanted to allow their users to take certain actions (such as making purchases, creating accounts, submitting forms, signing up for newsletters, or performing searches), these days, it is crucial for all websites to acquire an SSL certificate and move to HTTPS. Here are some important reasons to make the switch:
- Any legitimate business that has a website should purchase an SSL certificate. Implementing and maintaining a SSL certificate usually costs $200 to $300 annually – not a huge investment at all, especially considering how much business could be lost from visitors turning away from a site that is deemed insecure. And your web host may have less expensive (or even free) options bundled with your cPanel hosting account.
- All websites need to make the move to HTTPS – in particular, those companies that sell things through their websites. Most payment gateways don’t even work properly without SSL, so it is absolutely critical that all e-commerce websites switch to HTTPS as soon as possible, if they haven’t already done so.
- Google and other search engines are increasingly using HTTPS as a ranking factor. Although it is only one factor among many, it is now widely believed that those sites with SSL certificates tend to rank higher in search results, so it would a good part of any SEO plan to invest in an SSL certificate.
- Google Chrome and other browsers have been issuing alarming warnings when users try to access an insecure HTTP site. Over the past year, Chrome has began marking some HTTP websites as “not secure” – and this effort will be fully enforced when Google releases Chrome 68 in July 2018, when all HTTP sites will be marked as “not secure”. Not only that, when someone tries to access an HTTP site, it will issue a scary warning that makes it very clear that the site is not secure.
Aside from ensuring that your website is more secure than if you were still on HTTP, switching to HTTPS also provides assurance to your clients that your website is safe for them to use. Imagine your customers trying to access your HTTP site, and getting a warning from their web browser, stating that your website is not secure and that proceeding to visit your site may leave them vulnerable to having their private info hacked. They will likely be scared away, afraid that continuing on will leave them vulnerable to hacking, etc. They will just continue along to one of your competitor sites, one that has already implemented HTTPS, and that competitor will get the sale(s) that you have lost.
Make the Switch – Hire a Professional
Some website owners claim to have faced a decrease in their search rankings after implementing their SSL certificate and switching to HTTPS. However, this is not an indicator that SSL and HTTPS have a negative effect on rankings – rather, it means that whoever performed the switch did something very wrong. HTTPS is meant to give a website a boost in rankings, not hurt them, and a properly implemented SSL certificate will not adversely affect search rankings.
Unless you (or someone you know) have implemented SSL before, we strongly recommend that you hire a professional to handle the switch to HTTPS. There are various things involved in the process, and a professional will know the ins and outs better than anyone. It is easy to make a mistake in this process, and as a result of such mistakes, your website can suffer both long and short-term negative effects in search results performance and other areas.
The myths associated with moving to HTTPS are just that, myths. The switch won’t cost you much money, time, or effort, it won’t leave you MORE vulnerable to hackers (instead, it will leave you far LESS vulnerable), and it won’t adversely affect your search rankings (as long as the switch has been made properly). For a small cost, and the effort of hiring a developer, you can enhance your website, making it a safer experience for both you and your clients, and showing that your company is invested in helping make the web a more secure place.
Do you need help migrating your website to HTTPS? Contact us today for a no obligation consultation.