Posts

Do I Really Need to Upgrade my Website from HTTP to HTTPS?

The short answer is a resounding YES!

HTTPS stands for HyperText Transfer Protocol Secure and its purpose is to secure communication on the internet. By securing communication, we’re referring to protecting the privacy and integrity of data that is exchanged while users are visiting a website.  If the data is not secured, then hackers are able to intercept data that is being transmitted through these insecure (i.e. HTTP not HTTPS) websites.

When HTTPS first came onto the scene, it was mostly ecommerce websites that needed to worry about securing their websites. This was because these websites were processing credit cards and collecting other important personal information about their visitors. It made sense to encrypt personal data over ecommerce sites but, as the internet progressed, it made more and more sense to make sure that every website was secure.  And that’s where Google stepped in.

Google has long been making recommendations that webmasters should make the switch to HTTPS. They were even going so far as to say that it was a ranking factor back in 2014 insomuch as they would give an HTTPS enabled website precedence in the search results.  Then, in July of 2018 Google made it mandatory that all websites should have HTTPS.  And by mandatory, they meant that they were going to start calling out and downgrading non HTTPS sites.

Now, Google doesn’t own the internet and so it’s really up to the website owner if they want to change over to HTTPS or not. What Google does own, however, is the largest search engine in the world (well, 2 of the largest search engines if you include YouTube) as well as one of the most popular web browsers, Google Chrome. That kind of means that if you want to get traffic to your site, you had better listen to what Google is telling you to do.

So how does HTTP/HTTPS affect search engine results?

We’ve already stated above that Google has said that they will favour HTTPS sites over HTTP sites in the search results.  This translates into less and less HTTP sites appearing in the top search result pages.  Google’s ultimate goal is to ensure that the websites they are showing in the search results are secure (and relevant). The only reason that you’ll still see insecure sites for any given search query is because, even though the site is insecure, Google still thinks that it will match the searcher’s query better than another secure site further down its index.

How does a non-HTTPS enabled site affect the user?

Most (if not all) web browsers these days have some type of warning that is meant to inform the user that the site they are visiting is insecure.  Different browsers show these warnings in different ways.  Apple’s Safari browser is one of the browsers that shows the least in the way of warnings for insecure sites, Mozilla Firefox is somewhere in the middle while Google’s Chrome browser does its best to put it front and center.

In the Firefox browser, the warning is not super prevalent as you can only see it by way of a shield, which, if you didn’t know what it was, you would probably just ignore. Clicking on that shield, however, tells the user a little more information about the insecure site they’re visiting. In this instance, the connection is not secure (not HTTPS enabled) and the browser is blocking some content on the site. This is usually things like Google Analytics as well as some social media platforms that use some type of tracking.

Firefox shows a bit more of a pronounced error when the site has HTTPS enabled but is still not secure because some of the content (oftentimes images) is being served from insecure sources. This lock with the exclamation mark is what warns users that the site they are visiting has insecure content.

Some web browsers – such as Google’s Chrome browser – warns the user that they are about to visit an insecure site. This can come by way of a large interstitial warning page such as:

If a user comes across this page, they are not likely going to click the Advanced button and then hit the option to proceed to your website.  Would you?  Even if the page above doesn’t show up, the user will still see an exclamation mark beside “Not Secure” to the left of the URL (i.e domain name) in the browser bar.  Below are a couple more warnings that Google Chrome users might see when they are visiting an insecure site.  Just more signs telling the user not to proceed to the site…

 

So What Does All This HTTP(B)S Mean to Business Owners?

In a nutshell, it means that your business is losing customers and your brand is losing trust. From a user’s perspective, if they can’t trust your website, why would they take the leap and trust your business?

Is Your Website Insecure?

If you currently own a business that has a website online, then visit your site online to see what it looks like in different browsers. Look at your website through the eyes of one of your customers. In browsers where you don’t automatically see the starting HTTP / HTTPS of the website URL, then double click on the website URL (as if you’re going to copy/paste the link) and it should show up at that point.

Upgrading and securing your website is not as hard as you might think (if that’s what you do for a living).  Once we know what your site is built with (ie. custom coded, WordPress, Wix etc), then we can give you a pretty good idea of how best to make the change.

Get in touch with us today to find out how we can help secure your website.