Do you use HTTPs encryption on your website? If not, it might be time for an urgent rethink. From the start of 2017, Google’s Chrome browser will begin to warn visitors that sites which collect personal information but do not have encryption are not secure. This could cause customers that have shopped happily with you in the past to think twice about using your site. As the only option is to migrate from HTTP to HTTPS, this post will look at the things you will need to consider in order to achieve this.
Why is Google warning visitors?
Internet security stories are in the news all the time: cybercrime affects an awful lot of people and it is on the rise. Google, along with many other organisations, wants the internet to be a safer place and is doing what it can to make this happen.
In one sense, as a search engine, it has a duty of care to warn users if a site it is sending them to isn’t secure. If this has an impact on that site’s success, then Google is sending a clear message to webmasters to do more to protect their customers. Currently, only 10% of websites use HTTPS and Google wants to see this change. This new initiative is just the first phase of Google’s ‘long-term plan to mark all HTTP sites as non-secure’.
What is HTTPS?
HTTP stands for Hyper Text Transfer Protocol and is the set of rules used to transfer data from one machine to another across the internet. HTTPS is the secure version of the HTTP and is generally used on websites where there are financial transactions or where users are required to send personal information.
What makes HTTPS secure is encryption. When a user visits a website with HTTPS, the session is encrypted using an SSL (Secure Sockets Layer) Certificate. An SSL certificate is a small file which binds a cryptographic key to your website, enabling a secure connection between your server and the user’s browser. This prevents hackers from spying or stealing information as the data is transferred.
An SSL certificate ensures a secure connection to a website is authentic by acting as a trusted intermediary, ensuring the cryptographic key provided to encrypt communications is really coming from the destination server that hosts the website a visitor is browsing.
Why should you migrate to HTTPS?
The most important reason for migrating should be for the security of your customers. Google aren’t telling lies about the security of HTTP sites. Without using encryption, credit card details, personal information and passwords are all vulnerable to theft whilst being sent from a user’s browser to your server.
As the warnings from Google become a common feature of our browsing experience, internet users are going to develop much greater awareness of which sites are safe and which are not. They will begin to avoid those which are labelled as non-secure. The result could be devastating for businesses which don’t migrate to HTTPS, resulting in lower online sales and fewer user registrations. Moving from HTTP to HTTPS not only helps protect your customers’ data but also reassures them that your site is safe to use.
Another benefit of using HTTPS is that is used as a ranking factor in search engines’ algorithms. Whilst it is not the most important factor, it can help improve your site’s performance in search engine results – especially in searches related to online purchases.
HTTPS also plays a part in SEO by improving your website’s loading times. Page speed is an important ranking factor, so you will be pleased to hear that HTTPS pages load much faster than HTTP giving your customers an improved user experience and boosting the chances of your pages ranking better.
Migrating to HTTPS
In order to use HTTPS, you will first need to obtain an SSL certificate. These can be purchased from web hosting companies. There are different types of SSL certificate and before you purchase, you need to consider which is the right one for your website. Make sure you use strong security certificates and look for 2048-bit encryption for the best protection.
Choosing the right SSL Certificate
There are lots of SSL certificates you can purchase and each of them offers a different level of protection for your website. You need to look at the operations you run online before making a decision. Find the SSL that best suits your website.
At eUKhost, for example, we offer 4 different SSL certificates.
- Alpha SSL – which is designed for small websites and startups requiring the necessary security and encryption to protect their customers’ information.
- Domain SSL – designed for small and medium sized businesses that need to provide secure online payment options.
- Organisation SSL – designed for SMEs and those which take personal information about individuals as well as online payments.
- Extended SSL – designed for larger organisations and enterprises who demand maximum security for their sites and customer data.
Issues with migrating to HTTPS
Migrating from HTTP to HTTPS is comparable to a site move and can be a complex procedure. Doing so will involve the following:
- Ensuring your server supports HTTPS
- Installing the SSL certificate on your server. (We’ll do this for you at eUKhost.)
- Redirecting URLs on your site to your HTTPS address
- Ensuring any third-party plugins used on your website point to your new HTTPS address.
- Updating your Google Search Console (Google Webmaster) and Google Analytics so that they continue to operate on your site’s new address.
- Updating your Content Delivery Network URLs so that they are getting static content from your new address.
Do remember that moving address, even if it’s from http://mysite.com to https://mysite.com, can have a temporary impact on your site’s ranking.
With the issuing of warnings on non-secure websites, Google has raised the bar for webmasters once again. For websites which take online payments or accept personal information from customers the only way around this is to migrate from HTTP to HTTPS.
If you are in the position of needing HTTPS to improve the security of your websites and wish to purchase an SSL certificate, take a look at our SSL Certificate page.