How Upgrading to SSL / HTTPS Can Secure Your Site and Protect Your Customers
If you have a website, you’ve probably heard of SSL or HTTPS—an internet communication protocol that adds an extra layer of security to the standard HTTP connection. Though it has been around for more than 20 years, until recently it was used mainly by websites that handle sensitive data such as credit card information. Now, however, all websites are being encouraged to adopt SSL / HTTPS.
What is SSL / HTTPS?
HTTP (Hyper Text Transfer Protocol) is the standard system for transmitting information across the internet. For websites using HTTP, all data transmitted between the site server and the browser are in plain text, so anyone who intercepts your connection can read any of the data going back and forth between the site and the site visitor, including passwords and personal and financial data.
HTTPS (Hyper Text Transfer Protocol Secure) uses SSL (Secured Socket Layer) to add an extra level of security by encrypting all communications between the website’s server and the browser used to access it.
An HTTPS connection guarantees three things:
- Website Authentication
HTTPS ensures that your customers are communicating with the intended site and not a fake version.
- Data Integrity
With HTTPS, any information transmitted between the site’s server and the site visitor’s browser can’t be altered or corrupted during transfer.
- Data Encryption
The information transmitted between HTTPS sites and visitors is private and secure, so no one else can see it in its unencrypted form.
Should You Switch to SSL / HTTPS?
In August 2014, Google announced it would begin using HTTPS as a ranking signal, but that it would be less important than other ranking signals, such as high-quality content. Google said, “Over time, we may decide to strengthen it because we’d like to encourage all website owners to switch from HTTP to HTTPS to keep everyone safe on the Web.”
Before Google’s announcement only 7% of page one Google results used SSL protocol. By this past summer that number was up to 32.5%, and it’s predicted to rise to 50% by next year.
Google is already taking more steps to increase that percentage. In January 2017, Google’s Chrome browser began displaying a “not secure” warning for non-HTTPS sites that require a login or accept credit card information. In October 2017, Chrome will also show a “not secure” warning when users enter text in a form on an HTTP page.
Also in 2017, Google began giving priority to webpages enabled for AMP (Accelerated Mobile Pages). AMP pages (indicated by the lightning bolt icon next to the search result) load almost instantaneously on mobile and require an SSL connection.
Starting in July 2018, Google will make a stronger push to move websites to HTTPS. The new version of Google Chrome, scheduled for release in July, will show a "not secure" warning for any site that does not use HTTPS / SSL.
How to Upgrade to HTTPS / SSL
If you would like to switch to SSL / HTTPS, here are the steps to making the transition:
- Select, purchase and install a security certificate on your site server and make sure the certificate stays up to date.
- Locate and update URLs for any content, including internal links, embedded videos, images, scripts, forms, etc. from HTTP to HTTPS.
- Test the new HTTPS pages.
- Set up 301 redirects from HTTP to HTTPS to ensure that search engines know your site’s URL has been changed, so anyone using the old URL will automatically be sent to the new URL.
- Ensure that your site is recrawled and reindexed by Google.