If your website doesn’t already have a colourful padlock icon in its address bar, is it worth the effort to get one?
That depends on what type of website you have, and how much sensitive information you expect your users to provide.
Switching your website from HTTP to more secure HTTPS is essential if you have an ecommerce site or if you handle other sensitive information. There can be benefits for other websites too, but it isn’t always necessary.
What is HTTPS?
Compared to the standard HTTP network protocol, HTTPS (Hypertext Transfer Protocol Secure) adds an extra layer of encryption between web servers and browsers. This was traditionally via Secure Sockets Layer (SSL) encryption, although Transport Layer Security (TLS) is now more common.
When you visit an HTTPS website in your browser, the protocol authenticates the site and its server to protect you against malicious attacks and keep any data you enter secure. HTTPS works in both desktop and mobile browsers.
Your web hosting company should offer HTTPS as an option when you first create your website, and they might also help you to upgrade later.
How secure is HTTPS?
There’s no denying that HTTPS is more secure than HTTP, although the precise level of security depends on the type of certificate you have.
With HTTPS, all data submitted to your website is encrypted in transit, keeping credit card details, passwords and other information secure on the way to your server. This protects your site and its users against man-in-the-middle (MITM) attacks and malicious content injections, so no third party on the network will be able to tamper with your pages or steal your customers’ data as it travels.
As many websites now use HTTPS, and people are familiar with it, your customers may also feel safer when they see the lock symbol on their browsers.
Does it improve SEO?
While security is the primary reason to consider switching to HTTPS, it can also help your website to rank on search engines – slightly.
Google announced that it was introducing HTTPS as a ranking factor in 2014, giving a small boost to sites that use this protocol in the interest of raising online security. However, it’s such a minor signal (originally accounting for less than 1% of global searches) that switching to HTTPS just to improve your search ranking isn’t very practical.
The number of HTTPS websites on the front page of Google search results is on the increase, but according to Pete Meyers of Moz, this likely reflects the trend of websites favouring HTTPS rather than a direct result of Google’s algorithm. Unless you have a large site and you’re dealing in large figures, you won’t see a noticeable difference, at least until Google starts pushing it more strongly.
Do I need HTTPS?
If users are required to enter their personal details or credit card information into your website, upgrading to HTTPS can be considered mandatory for the security of your customers and your business.
On the other hand, if your website or business blog doesn’t ask your customers to provide anything more substantial than their email address when signing up to your mailing list, you probably won’t benefit much from making the switch.
The exception is if you expect your site to receive a lot of traffic. If even 1% of search volume adds up to thousands of hits per year, you could enjoy the SEO boost that HTTPS provides, and it’s likely to become a more important factor in the future.
How to convert from HTTP to HTTPS
If you decide to make the switch with your site, your first stop should be your hosting company. They’ll usually be able to sell you an SSL/TLS certificate, install it for you and help you redirect your pages. If not, you might need to seek professional assistance when going through the following six steps:
1. Buy an SSL certificate
These days, when people talk about SSL certificates, they usually mean TLS. Old habits.
You need to purchase a certificate for your site to activate HTTPS. These come in three levels, depending on how much security you need and how much you want to pay:
- Domain validation – encryption only.
- Organisation validation – encryption and authentication, required if users are submitting personal information.
- Extended validation – the highest level of security, usually reserved for larger e-commerce sites.
2. Install the certificate
If your hosting provider won’t install your certificate for you, you’ll have to do it yourself. You need to have a dedicated IP for this.
The installation process varies depending on the host, but you should be able to find the information you need through a Google search.
3. Redirect your URLs
Now you have an SSL certificate installed, every page on your site will benefit. They’ll also have new URLs, meaning every one of your old HTTP pages needs to be redirected to the shiny new HTTPS equivalent.
If you built your site in WordPress, you can use 301 redirects to make this easier. If you were planning on changing your domain name or making changes to your website structure, now is the perfect time.
4. Update your links
After you redirect your pages, your existing links should also redirect users to your new HTTPS pages. But it’s still a good idea to go through your pages and change the links so they point directly where you want them to go.
You might not have power over external links to your site, but be sure to update any that you do, like your social media profiles.
5. Update other page elements
It’s not just your URLs and links that get messed up by migrating. You’ll also need to update links to resources such as images and scripts in the page source.
You can do this manually by viewing the source of each page and fixing all the links to point to HTTPS resources, or you can use a site crawling tool to make things easier.
6. Submit your site to Google
If your old HTTP site was listed with Google Search Console, your new HTTPS site won’t be. You should add your site and submit your new sitemap as soon as possible, so Google can start crawling it and there won’t be an interruption in traffic.
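A check for steps 4 and 5, as an added example that is not part of the original article: it scans a page's HTML for leftover http:// references and separates resources the browser loads (mixed content) from internal links that merely rely on the redirect. The host www.example.com, the sample page and the names used are assumptions for illustration, and every <link href> is treated as active for simplicity.

```python
from html.parser import HTMLParser
from urllib.parse import urlparse

# "active" = can change page behaviour if altered in transit; "passive" = display only.
KINDS = {("script", "src"): "active", ("iframe", "src"): "active",
         ("link", "href"): "active", ("form", "action"): "active",
         ("img", "src"): "passive", ("audio", "src"): "passive",
         ("video", "src"): "passive", ("source", "src"): "passive"}


class MixedContentScanner(HTMLParser):
    """Collects http:// references left in a page that is now served over HTTPS."""
    def __init__(self, site_host):
        super().__init__()
        self.site_host = site_host
        self.findings = []  # (kind, tag, url, line number)

    def handle_starttag(self, tag, attrs):
        for name, value in attrs:
            url = (value or "").strip()
            if urlparse(url).scheme.lower() != "http":
                continue
            kind = KINDS.get((tag, name))
            # Step 4: own-host links still work via the redirect but should be updated.
            if (tag, name) == ("a", "href") and urlparse(url).hostname == self.site_host:
                kind = "internal-link"
            if kind:
                self.findings.append((kind, tag, url, self.getpos()[0]))


def scan(html, site_host):
    scanner = MixedContentScanner(site_host)
    scanner.feed(html)
    scanner.close()
    return scanner.findings


# Constructed sample page for a hypothetical site, www.example.com.
SAMPLE = """<html><head>
<link rel="stylesheet" href="http://www.example.com/style.css">
<script src="http://cdn.example.net/track.js"></script>
</head><body>
<img src="http://www.example.com/logo.png"> <img src="/banner.png">
<a href="http://www.example.com/contact">Contact</a>
<a href="http://other.example.org/">Partner</a></body></html>"""

if __name__ == "__main__":
    for kind, tag, url, line in scan(SAMPLE, "www.example.com"):
        print(f"line {line}: {kind:<13} <{tag}> {url}")
```

Fix the "active" findings first: browsers block those on an HTTPS page, while "passive" ones typically cost you the padlock.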