SSL (Secure Socket Layer) and HTTPS (Hyper Text Transfer Protocol Secure) have been around for almost 20 years and, to date, have mainly been used by e-commerce websites that handle sensitive information like credit card details. Now all website are being encouraged to use it.
Verdict: A good thing to do, but not a train-smash yet. Only when the search engines start preventing access to your website, will it be necessary. However, the vast majority of websites do not have it yet, so the search engines are not going to shut down the majority of the internet. I would recommend that all e-commerce sites start implementing this layer though.
Google said, “Over time, we’d like to encourage all website owners to switch from HTTP to HTTPS to keep everyone safe on the Web.”
Google Chrome started showing ‘not secure’ in June last year, which did scare a few people.
HTTPS: Explain it to me as if I’m five
I’m not going to pretend to know all the technical details behind HTTPS (Hypertext Transfer Protocol Secure), but I can certainly tell you the basics.
The main benefit of HTTPS is that it makes your site more secure for your users. More specifically, it’s more secure when a user is giving you any sort of information.
It’s essential on pages where users are required to give their credit card information and/or other personal details. However, it’s a good thing to have on all pages.
The real change happens when a user submits their data. HTTPS is able to provide multiple layers of protection to that data:
- encryption – the data is worthless to anyone who somehow manages to intercept it because they don’t have the key to decrypt it (you do).
- data integrity – data can’t be corrupted, which is a good thing.
- authentication – it prevents “man in the middle” attacks, which means that it’s not possible for anyone to trick your customers into thinking they’re providing you data when they’re really giving it to a scammer. This is what your SSL certificate (more on that soon) is for.
How to Upgrade to HTTPS / SSL
If you would like to switch to SSL / HTTPS, here are the steps to making the transition:
- Select, purchase and install a security certificate on your site server and make sure the certificate stays up to date.
- Locate and update URLs for any content, including internal links, embedded videos, images, scripts, forms, etc. from HTTP to HTTPS.
- Test the new HTTPS pages.
- Set up 301 redirects from HTTP to HTTPS to ensure that search engines know your site’s URL has been changed, so anyone using the old URL will automatically be sent to the new URL.
- Ensure that your site is recrawled and reindexed by Google.