HTTP vs. HTTPS: How to secure and optimize your website

Development 3 min read

HTTP vs. HTTPS

Last updated: September 4th, 2018

In November of 2017 we made the switch from HTTP to HTTPS on our site.

We have been working on projects using the HTTPS protocol for years, but hadn’t considered taking the leap ourselves until recently.

In the past, you’d really only see HTTPS on platforms handling sensitive data or e-commerce systems processing financial transactions.

But with increased privacy concerns like GDPR and new Google standards, it’s quickly becoming the norm. Which means now is a good time to start securing your site.

What does HTTPS mean?

HTTP Secure (HTTPS) is an extension of the Hypertext Transfer Protocol (HTTP). In a nutshell, HTTPS protects the privacy and integrity of the data exchanged between users and web sites.

As a general rule of thumb, if a website is secure, you’ll see a lock in the address bar of your browser next to the URL. This visual cue lets you know that the data transferred back and forth is safe and encrypted.

The benefits of using HTTPS on your site

The most well-known benefit of using HTTPS on your site is security. Using HTTPS ensures the visitor that the site they’re on is in fact certified and verified by a legitimate certificate authority (more on this later).

But now there is another reason to secure your site. And this reason will likely be the tipping point for site owners that haven’t made the switch to HTTPS yet.

Google is now rewarding secure sites

With the release of Google Chrome 68 in July, Google is now definitively showing which sites are secure and which aren’t.

HTTP / HTTP Browser States

Various browser security states in Chrome 68

I mean, look at the image above. That’s pretty darn obvious. Not only is it obvious, it’s jarring and concerning for visitors and site owners that don’t have HTTPS in place.

Google is no doubt trying to make the web a little safer by doing this, but they’re also taking it one step further. They’re now using HTTPS as a ranking factor in search results.

So if you’re a small business owner that relies on keywords and phrases for rankings, you could be facing very real and wide-reaching SEO implications.

Scared straight yet? We thought you might be. Below we’ll show you how to give your visitors the confidence to engage with your site while staying in Google’s good graces.

Securing your site with HTTPS

The first step is obtaining an SSL certificate. For some reason, most people we’ve talked to about this mistakenly think they’re expensive.

You can certainly overpay, so buyer beware. But there are many low-cost, or even free, services that get your site safe and secure.

We’re nerdy developers so we used a free service called Let’s Encrypt. Getting up and running with them is a little on the technical side, but we have plans to write a follow-up article outlining a step-by-step process.

If you don’t have the technical chops, simply purchase your SSL certificate (usually ~$10) from a reputable source and hire a developer (~$100 – $200/hr.) to enable it on your server.

Enabling HTTPS isn’t enough

Changing your site to HTTPS with a valid certificate isn’t the end of the road. You’ll need to convert all the URL references to http:// on your site to https://, otherwise you still run the risk of not showing as secure in the browser.

If you’re using WordPress like we are, there are plugins like Force HTTPS and Better Search and Replace that can make this replacement process easier.

As a final step, you want to make sure you notify Google about your newly secured site. Login to Google Search Console and ask Google to reindex your site so that it will update their database and search results. After that, you’re good to go.

In conclusion

Google is forcing the hand of many site owners, but this is a good thing for the internet. Visiting a reliable and secure sites breeds trust, and we could all use more of that on the web.

If you enjoyed this article or have any questions, please leave a comment below to keep the conversation going.

Join the conversation, leave a comment below

This site uses Akismet to reduce spam. Learn how your comment data is processed.