It’s certainly a subtle change, but recently you might have noticed that more website addresses are preceded by ‘HTTPS’, rather than simply ‘HTTP’. It may seem insignificant, but if you’re running a website, and haven’t switched over, it could soon become a problem. So, what does HTTPS mean and why is an SSL certificate important?
HTTP stands for ‘Hypertext Transfer Protocol’ and the added ‘S’ stands for ‘secure’. HTTP is a communications protocol used to send and receive files on the internet. SSL stands for ‘Secure Sockets Layer’ and it’s the technology used to establish an encrypted link between a server and the browser that accesses it. ‘HTTP’ is part of the web address, and when this address is secured with SSL it will be displayed as ‘secure’ showing ‘HTTPS’ instead.
Until recently using HTTPS wasn’t critical to a site’s operations, now however, there is increasing pressure to run it. In fact, Google has begun a push to get rid of the old HTTP format altogether. In January 2017 Google announced that the security of the connection to any given website would be displayed in the address bar, and other browsers are following suit. Clearly this is not ideal for instilling confidence in users.
This important change confirms that Google intends to reward websites that provide the best user experience with a higher rank than those that do not. HTTPS protocol has in fact already been one of Google’s ranking factors for almost a year. With this change and by marking websites as Not Secure, Google is making it clear that the quality of the user’s experience is becoming ever more crucial to how it ranks pages.
So, what’s the significance of this for website owners and their users? As of now, the ‘not secure’ message is displayed on any login page on your site, and can be seen by clicking the information button next to your site address.
Clearly this warning could put users off. It could easily lead a user to believe that your site’s security has been compromised or that there is another fundamental security issue – something more serious than the fact that you have not yet installed an SSL Certificate.
It’s important to address this issue before it starts to impact user’s perception of your brand and site – so how is it remedied? The first action is to upgrade your hosting by adding an SSL Certificate. Some hosting providers will do this for free, most charge a small fee, renewable annually.
You then need to set up the certificate throughout your site. It is possible to set up SSL yourself, but it’s necessary to note that it isn’t quite as simple as Google’s guide to implementing SSL might initially lead you to believe. You will need to update your internal links (including CSS, JSS and image links) to HTTPS, prepare redirects for all your URLS from HTTP to HTTPS, fix how external scripts are embedded and change any iFrames to HTTPS. Your web developer is the best person to ask.
SSL ought to be considered as a kind of insurance for your site. It won’t ever fully guarantee that your site will never be compromised, but it does mean that should something go wrong with your site’s security, you can confidently say that you did everything you could to try to negate the issue before it happened.
If in doubt, contact your hosting provider, the importance of confidence in the security of your website can’t be overstated, particularly if you expect users to share sensitive data like credit card numbers or contact information. SSL and HTTPS are part of making your brand a trusted entity for both new and returning users.
If you’d like any advice on upgrading your site to HTTPS, do get in touch