Should You Upgrade Your Website From HTTP to HTTPS?
A growing number of websites are switching from traditional Hypertext Transfer Protocol (HTTP) to Hypertext Transfer Protocol Secure (HTTPS). Also known as HTTP Secure, it offers a more secure connection by encrypting downloaded and uploaded data. You can quickly identify HTTPS websites by looking for the protocol acronym prefixed to the site’s web address.
No other steps are typically required when launching a website with the standard, default HTTP protocol. For HTTPS, however, webmasters must acquire and install a TLS certificate, which can be somewhat time-consuming. So, should you upgrade your website to HTTPS?
Protocols such as HTTP and HTTPS are used to govern the manner of data exchanges between a user’s web browser and the server of the website he or she is visiting. Aside from the nuances in technical specifications, the main difference between is that HTTPS is encrypted while HTTP is not.
With HTTPS, all exchanged data is encrypted using the Transport Layer Security (TLS) protocol — the successor to Secure Sockets Layer (SSL). It does this by scrambling the original data with an advanced algorithm so that only a user with a corresponding key can read it. Cybercriminals may still intercept the data between a website and its visitors. Assuming the site uses HTTPS, however, they won’t be able to decipher it; thus, protecting both the website and its visitors from cybercrime.
On the other hand, sites using the HTTP protocol are vulnerable to data theft. Cybercriminals may steal data sent to or from the site’s server and use it for nefarious purposes. If a visitor purchases something on the site using a credit card, for instance, a cybercriminal could steal their financial data.
Popularity of HTTPS
How popular is HTTPS? According to Mozilla, HTTPS encryption protects more than half of all internet traffic on its FireFox web browser. A 2017 Google Transparency Report revealed similar findings, indicating that users across all the primary operating systems — Windows, Android, Chrome, Linus, and Mac — spend two-thirds of their time on HTTPS websites. Before 2016, these numbers were reversed, with HTTP accounting for the most significant share of Internet traffic.
Now Google is telling website owners to switch before July 2018 otherwise its chrome browser will display a not secure message warning in the left side of the address bar on all HTTP pages. Mozilla has confirmed they will follow through as well as it now seems it is all just matter of time before we are all forced to make our pages more secure.
The bottom line is that HTTPS is now more popular than traditional HTTP, and this isn’t a trend that will fade anytime soon. Encryption offers one of the most reliable and efficient safeguards against cyber threats. And being that cybercrime is on the rise, we’ll likely see even more websites using HTTPS in the future.
Benefits of Switching to HTTPS
The number one reason for switching to HTTPS is security. By upgrading your website to HTTPS, you can rest assured of the protection of your visitors’ data and your site’s data. As a result, visitors trust HTTPS sites more than their HTTP counterparts.
There’s also some belief that HTTPS is easier to optimize for search rankings. In 2014, Google announced the use of HTTPS as a ranking signal, meaning websites running this secure communications protocol get preference in Google’s search results over non-HTTPS sites competing for the same keyword. While HTTPS is a small ranking signal that affects fewer than 1% of all websites indexed by Google, it’s still an easy way for webmasters to promote higher rankings.
Furthermore, payment processors require client websites to use HTTPS. In other words, if your site sells a product or service (or otherwise accepts payments or donations), you’ll need HTTPS for compliance.
How to Set Up HTTPS
When you are ready to make the switch to HTTPS, you’ll first need to acquire a TLS certificate from a Certificate Authority (CA). When a visitor accesses your site, your server will send his or her web browser a copy of the document, which also includes the decrypt key necessary to decipher the data (don’t worry, this all happens almost instantly). Different CAs charge different amounts for their certificates, typically as an annual subscription. You should first check with your domain registrar and web hosting provider to see what SSL products they have available.
There are dozens of different CAs. Some of the most well-known include:
- Let’s Encrypt (free, offered by the nonprofit Internet Security Research Group)
It’s important to note that while TLS is the new, default encryption protocol for HTTPS, many CAs still refer to them as SSL or SSL/TLS. If you see a CA offering SSL certificates, chances are it’s the newer TLS certificate. With that said, there are three different types of TLS certificates.
- Domain Validation (DV) —: The easiest to obtain but the riskiest for visitors, DV certificates involve validating through domain ownership. The CA checks to make sure the applying individual or business owns the domain before issuing the certification.
- Organization Validation (OV) — Before issuing an OV certificate, the CA checks the applicant’s background and information. It’s a more thorough application process, but OV does offer greater security for visitors.
- Extended Validation (EV) —The most comprehensive of the three is the EV certificates, which the CA issues only after thoroughly vetting the applicant. Additionally, only select CAs are authorized to issue EV certificates, making it the preferred choice among serious online business owners.
Whether DV, OV or EV, all TLS certificates display the HTTPS prefix in visitors’ web browsers as well as a padlock. Only EV certificates, however, show a green search bar.
After you’ve acquired a TLS certificate, you’ll need to activate and install it on your site’s server. This process can be somewhat complicated, so it’s usually best to contact your web host for specific instructions. They’ll either instruct you how to install the certificate or offer to do it for you.
Certificate installation can take up to two days, so be patient. Once installed, you should check to make sure it works by visiting https:/www.yourwebsite.com. Assuming you installed it correctly, you should see the padlock and HTTPS in your web browser.
There’s one last thing you’ll need to do: go back and update all of your site’s link URLs to the HTTPS version. If you have a checkout button, for instance, it will use the unencrypted HTTP protocol until you change it.
P.S. Wondering where to get started on your Digital Marketing campaign? Click here for the SEO report tool and see how you score.