TL;DR

HTTPS is an encrypted protocol that allows 2 computers to communicate over the Internet. Serving your website’s pages over HTTPS rather than HTTP increases security and visitor trust. It prevents browsers from labelling your site as insecure and helps your ranking in search results. And it costs little to set up. There is no reason to hold back.

So what does HTTPS mean?

HTTPS (or Hypertext Transfer Protocol Secure) is the secure version of HTTP, a protocol used by 2 computers communicating over the Internet. With HTTPS the communication is encrypted, which prevents third-party eavesdropping and tampering, so-called man-in-the-middle attacks and attempts to spoof a trusted website. TLS (or Transport Layer Security), which you will often see mentioned in the phrase “TLS certificate”, refers to the encryption method that ensures the privacy and data integrity of the communication. The SSL (or Secure Sockets Layer) protocol is now superseded, but the term remains in common use as shorthand for encryption.

It has been around for some time. Any website that collects sensitive information from its visitors will be running on HTTPS. The pages of your bank’s website are served over HTTPS. Ever noticed the little green or grey padlock icon in the browser’s URL field?

These last few years the movement towards more encryption has strongly accelerated (see Google’s recent statistics on this). 81 of the top 100 sites on the web now use HTTPS by default according to Google. Some technical issues, such as outdated hardware, are obstacles to wider adoption. Some governments try to get in the way because it limits their ability to monitor Internet communication. But earlier concerns like the additional delay caused by the initial handshake (contact) between computers are not significant anymore for most websites. In fact the use of encryption allows the use of new and faster features such as HTTP/2 and AWP.

My own anecdotal observations suggest a significant limiting factor, at least for small websites, is the owner’s lack of awareness of the high benefits and low costs of HTTPS. In all fairness this is a relatively recent development and it certainly is a technical one.

Find out if your website is secure

The easiest way to tell if your site is secure is by viewing it in a current version of Chrome or Firefox. If you do not see a grey or green padlock icon in the URL bar, your site will soon have a “Not secure” warning.

To learn more about which components of your site are not secure check it with the Why No Padlock tool.
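If you would rather check a saved copy of a page yourself, the sketch below lists the components a browser would still load over plain HTTP from a page served over HTTPS. It is an added example, not the Why No Padlock tool's code; it assumes “components” means resources referenced in the page's HTML (CSS `url()` and `srcset` are not covered), and the sample page, the `example.*` URLs and all function names are constructed for illustration.

```python
from html.parser import HTMLParser
from urllib.parse import urljoin, urlparse

# (tag, attribute) pairs whose URL the browser loads, or submits data to.
FETCHING_ATTRS = {("img", "src"), ("script", "src"), ("iframe", "src"),
                  ("audio", "src"), ("video", "src"), ("source", "src"),
                  ("embed", "src"), ("object", "data"), ("form", "action")}
# <link href> is loaded only for these rel values; others are plain references.
FETCHING_LINK_RELS = {"stylesheet", "icon", "preload", "manifest"}

# Constructed sample page, assumed to be served from https://example.com/portfolio/
SAMPLE_HTML = """<!doctype html>
<html><head>
<link rel="stylesheet" href="http://fonts.example.net/serif.css">
<link rel="canonical" href="http://example.com/portfolio/">
<script src="//cdn.example.net/gallery.js"></script>
</head><body>
<img src="img/cover.jpg">
<img src="HTTP://example.com/img/old-banner.jpg">
<a href="http://partner.example.org/">Partner</a>
<form action="http://example.com/contact.php"></form>
</body></html>"""


class InsecureResourceFinder(HTMLParser):
    def __init__(self, page_url):
        super().__init__()
        self.page_url = page_url
        self.findings = []  # (line number, tag, URL as resolved by the browser)

    def handle_starttag(self, tag, attrs):
        attrs = dict(attrs)
        urls = [attrs.get(a) for t, a in FETCHING_ATTRS if t == tag]
        if tag == "link":
            rels = set((attrs.get("rel") or "").lower().split())
            if rels & FETCHING_LINK_RELS:
                urls.append(attrs.get("href"))
        for url in filter(None, urls):
            # Relative and //host URLs inherit the page's scheme when resolved.
            absolute = urljoin(self.page_url, url.strip())
            if urlparse(absolute).scheme == "http":
                self.findings.append((self.getpos()[0], tag, absolute))


def find_insecure_resources(html, page_url):
    finder = InsecureResourceFinder(page_url)
    finder.feed(html)
    finder.close()
    return finder.findings
```

Calling `find_insecure_resources(SAMPLE_HTML, "https://example.com/portfolio/")` reports the stylesheet, the old banner image and the contact form. The canonical link, the protocol-relative script, the relative image and the ordinary hyperlink are not reported, because none of them is loaded over HTTP.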

HTTPS is secure and considerate

The fundamental goal of HTTPS is better security. Unless it is taking payments, a simple website like the typical photographer’s or athlete’s website will function fine without it. That said, more security doesn’t hurt and could, for example, prevent the site from being spoofed.

A second direct benefit will be the signal it sends to your visitors: you care about their experience and you want it to be as good as possible. A safe neighborhood is more welcoming than a dangerous one and you want your visitors to trust you.

It also signals performance: you understand the latest technology and your communication is as professional as the rest of your work.

Avoid the “Insecure website” label

Beginning in January 2017 Chrome started marking HTTP pages that collect passwords or credit cards as non-secure. The longer-term plan was to mark all HTTP sites as non-secure.

That time has come. Beginning in July 2018 with the release of Chrome 68, Chrome will mark all HTTP sites as “not secure”.

Every browser has its own way of warning that HTTPS encryption is either entirely missing or not functioning properly: a red shield icon, a red padlock, a pop up window, a warning page, etc.

HTTPS will improve your site’s Google ranking

For many people one of the most compelling reasons to make the switch will be to avoid the negative effect that unencrypted sites will incur in searches.

In August 2015 Google announced they were “starting to use HTTPS as a ranking signal”. A year and a half later in December 2015 they said they were “adjusting [their] indexing system to look for more HTTPS pages”.

Firefox, Apple (Safari) and Microsoft have also announced similar steps to mark insecure websites.

Conclusion: switch to HTTPS

HTTPS will benefit your visitors and your site’s ranking. It’s cheap, if not free, and relatively easy to do. There are no downsides, and it is increasingly important that you make the move.

You can purchase a certificate from your hosting provider (some hosts like WP Engine provide them for free), use Cloudflare or get a free certificate from Let’s Encrypt.

And, as always, if you need help with this get in touch.