Does Your Website Really Need HTTPS
Before reading this article, take a second to go to your website’s home page, and observe the text that appears before your business name. If this text starts with https:, your website is secure. On the other hand, if this text starts with http: // without the “s”, then your website is insecure and will need to get some exercise.
In February 2018, Google officially announced that http websites would be labeled “unsecured” since the release of Chrome 68 in early July 2018. If your website is still in http, don’t be surprised to see this rather scary label displayed next to your website for all Chrome browser users (56% of Internet users).
Besides the rather repulsive visual aspect of this “insecure” label, many aspects related to the security and performance of your website come into play. We are going to talk about it, but before we go any further, you might ask yourself surely :
http, https, unsecured site: what does that mean?
What is https?
Https (HyperText Transfer Protocol Secure) is a mechanism that allows your internet user’s browser to connect securely to your website. In https, the sensitive data that your Internet user shares with your website is encrypted, in other words, fully protected.
Conversely, an unsecured site (http) runs a potential risk of data hacking or espionage. Concretely, in http, each time an Internet user enters personal data on your website, this information is transferred to your server in the form of readable text.
This transfer makes the data vulnerable: someone with malicious intent (and strong in hacking) could potentially intercept and use it. Hence the label “unsecured site”.
Why switch to https?
There are several reasons for wanting to go green by switching to https.
For several years, Google has encouraged websites to migrate from an unsecured site to an https site. This ultimatum is to date the most significant action taken by Google to force the switch to https.
We saw previously that the first reason for this passage was:
1. Secure the data of your visitors
As explained above, https helps ensure the security of your visitors’ data. This factor is of utmost importance for e-commerce sites, and all websites handling sensitive data. If you don’t want a hacker to be able to read this data, then encrypt it by switching to https. Concretely, they will look like this:
2. Improve your natural referencing (SEO)
Google has publicly admitted favouring the referencing of websites in https at the expense of insecure sites. Switching to https will therefore increase your chances of overtaking your competitors on search engines if they have not yet migrated.
3. Build credibility and trust in your website
Will you give your bank details to an unsecured site?
We neither. In fact, nearly 30% of Internet users pay particular attention to the “secure” green label in their browser, and more than 80% of them would abandon an online purchase if it must be made from an unsecured site. Consider https as essential to gain the trust of your Internet users.
4. Aim for performance and equip yourself for the future
There is an evolution of https, http / 2, which makes your website more efficient and faster. Http / 2 will become more and more popular in the years to come, but before you install it on your website you will need to already have https. Switching to https is therefore also a good way to adjust your web strategy for the future of the internet.
Now that we know why it is good, if not imperative to switch your website to https, let’s take a look at the question you have surely been asking yourself since the beginning of this article:
How do I change my website from http to https?
The preliminary step to migrating from an insecure site to an https site is to obtain an SSL certificate.
1. What is an SSL certificate?
The SSL (Secure Socket Layer) certificate is an electronic certificate used to secure the exchange of information between the Internet user’s browser and web servers. Concretely, the SSL certificate is a data file used to encrypt sensitive information on the Internet.
There are three types of SSL certificates:
- Domain validated certificate ($): the cheapest and fastest to install, it does not require administrative information relating to your company. Ideal for small businesses and blogs.
- SSL certificate ($): this certificate is of a higher level of security because it ensures that the company owning the website is legally recognized.
Extended validation SSL
- Certificate ($$): the most popular, because it displays the famous green bar that inspires so much confidence in Internet users. This certificate follows a very in-depth audit of your company in order to ensure the highest possible level of security for Internet users.
2. How to get an SSL certificate?
- By purchasing it: You can buy an SSL certificate when you create your website, or afterwards. Made as soon as your website is created with your host, this purchase makes setting up your https easy and almost immediate. Otherwise, a multitude of SSL certificates are available online at different prices and levels of security.
- For Free: Certificate authorities like Let’s Encrypt provide free SSL certificates through a fully automated process.
It’s up to you to choose the SSL certificate that will reconcile your budget, your needs (waiting times), and the level of security you want. When choosing, do not forget to take into account criteria such as warranty periods, or expiration dates.
3. How do I activate an SSL certificate?
Once your SSL certificate has been purchased, you need to install it on your website and activate it. Ask your web developer to help you with this step, or see Kinsta’s full guide that details all of the steps.
Certain checks and updates are imperative in order to ensure the success of your migration from http to https. Here is a checklist of the main items to check after activating your SSL certificate. Again, for this step, your web developer will be very helpful.
- Check the quality of your SSL certificate
- Perform http redirects to https
- Update http links in code
- Update the custom script and libraries
- Migrate your CDN from http to https
- Update Search Console and Bing Webmaster Tool
- Configure Google Analytics
- Update Google AdWords,
- Facebook Ads, etc.
- Check the inbound and outbound links of your website
If you want to get the details of each of these steps, the complete guide mentioned above can be of great help.
Time is running out, so go perform the https migration of your website: this drastic measure is already in place since July 2018! Fortunately, you can call on the experts in website design and optimization (see who we’re talking about?).