The internet can be a scary place. Hacking, stolen data, and malware are a huge problem for website owners.
Now, many major internet companies are pushing to make the internet more secure using HTTPS, and it’s time your website got on board.
Should you move your site to HTTPS? Yes, absolutely. And the best time is now.
First of All, What is HTTP?
HTTP (Hypertext Transfer Protocol) is a set of rules for transferring information on the internet.
It is used when a web user accesses your website and the website data is transferred to their browser. It is also used when your website transfers information users enter into it, such as a login, a contact form, or their email address for your mailing list.
The Problem With HTTP
Once HTTP rules were developed, hackers quickly discovered how to intercept the information transmitted using these rules.
They could intercept the message between the sender and recipient, see what it said, and even alter it. This was a big problem for sensitive data like credit card numbers.
What is HTTPS?
HyperText Transfer Protocol Secure (HTTPS) is the procedure for internet data to be encrypted and exchanged.
When information is sent via HTTPS, it is scrambled so that it is impossible to read if intercepted between sender and recipient.
When HTTPS is used on a website, you may see a familiar “lock” icon in your browser.
The Push to Adopt HTTPS
For years, HTTPS has been used for the most secure transactions, such as online purchases. You’ve probably learned to look for the lock icon before entering important information.
In 2014, Google made an announcement that they were calling for HTTPS everywhere on the web. Their Webmaster Basics site now says “You should always protect all of your websites with HTTPS, even if they don’t handle sensitive communications.” They emphasize that HTTPS protects the privacy and security of your website’s users.
Google has gone so far as announcing that HTTPS is now a Google search engine ranking factor. That means that, all other things equal, sites using HTTPS will rank higher than those using just HTTP.
4 Reasons You Should Move Your Website to HTTPS
If your website is still on HTTP, it’s time to take action. Here are 4 reasons you absolutely should move your website to HTTPS.
Improve Your Google Search Ranking
As mentioned above, Google has shared that HTTPS is a ranking signal in determining which sites they rank highest in search results.
When this ranking signal was announced in 2014, they called it a “lightweight signal” and said it only affected about 1% of searches. But, they also said “Over time, we may decide to strengthen it, because we’d like to encourage all website owners to switch from HTTP to HTTPS to keep everyone safe on the web.”
Fast forward to 2017, and SEO experts have mixed opinions on if there is a ranking improvement if you switch to HTTPS. Still I haven’t seen an opinion that HTTPS hurts a website’s rank, so I’d say making the switch is worth any marginal SEO benefit.
Avoid Scary Browser Warnings
Popular Internet browsers like Chrome and Firefox have started warning users when they visit or enter data on unsecured HTTP websites.
HTTP warnings in Google Chrome
As of November 2017, Chrome is prominently marking “Secure” (in a noticeable, happy green) on all HTTPS pages:
and “Not Secure” on HTTP pages with logins:
HTTPS warnings in Mozilla Firefox
Mozilla Firefox places a green lock on HTTPS pages:
And a red crossed-out lock on unsecured pages with logins:
Firefox goes a step further—The browser shows a warning below password fields if the user tries to enter a password on an unsecured HTTP page.
If you want to avoid these warnings that may deter users from your website, you need to move your website to HTTPS.
Get Better Referral Data in Analytics
Heads up, data geeks. If you like to know where your website traffic comes from, you may be getting limited information if your website is HTTP.
HTTPS to HTTP referral data is blocked in Google Analytics. This means that if a visitor comes to your website through clicking a link on an HTTPS website, the referral data is not passed. It is listed as “direct traffic” in Analytics, which isn’t very helpful.
So let’s imagine your website gets a big-deal mention on Forbes.com, and you see a huge spike in traffic. You won’t know where all the traffic is coming from because Forbes is HTTPS and the referral data isn’t passed to your Analytics tracking.
If your website is HTTPS, you will be able to see the referring domain because the referral is HTTPS to HTTPS.
Protect Your Website and Your Users
The main benefit of moving your website to HTTPS is the secure protocol’s original intent: to protect your website and your website users.
This is a great explanation from Google’s Why HTTPS Matters article:
“HTTPS helps prevent intruders from tampering with the communications between your websites and your users’ browsers. Intruders include intentionally malicious attackers, and legitimate but intrusive companies, such as ISPs or hotels that inject ads into pages.”
WIthout HTTPS, communications between your website and your user’s browser can be intercepted and tampered with.
If you want to protect your users from intruders, as well as protect information like logins, personal information on contact forms, and transaction data, your website needs to be using HTTPS.
How To Move from HTTP to HTTPS
The process to move your website from HTTP to HTTPS can vary based on your hosting, SSL certificate installation, use of CDN, and use of external services.
I have found these resources very thorough and helpful:
- Key CDN: Complete Guide – How to Migrate from HTTP to HTTPS
- Search Engine Land: HTTP to HTTPS: An SEO’s guide to securing a website
- Google: Secure your site with HTTPS
Team 11Web will be moving all of our website design clients who are on our ongoing service package. If you are lost, confused or intimidated, please feel free to contact us, and either we can help, or we we can refer you to a consultant.
It’s is much more secure to use HTTPS. This should be a standard for any website managing sensitive information.