Do you want to provide a more secure experience for your users and help your Google rankings? One way to do both is to secure your website with HTTPS. In this post, we’ll explain what HTTPS is, why you need it, and how to get it.
The Difference Between HTTP and HTTPS
HTTP stands for HyperText Transfer Protocol. This protocol provides the rules within the application layer for web browsers to communicate with web servers. It is the foundation of communication for the Internet.
HTTP requests are sent by a user’s browser. Web servers send an HTTP response to the request, loading the web page using hypertext links.
The S on HTTPS stands for Secure. HTTPS enables secure communication between web browsers and web servers.
How HTTPS Works
HTTPS works via SSL or TLS. The Secure Sockets Layer (SSL) is the predecessor of TLS.
The Transport Layer Security (TLS) provides privacy and data integrity via encryption protocols in communications between two or more applications.
The goal of this protocol within the application layer is to prevent eavesdropping and tampering with secure data transfer.
While most websites still refer to securing your site with HTTPS via SSL certificates, TLS is the modern version of SSL being used today. We’ll discuss how to get this for your website later in the post.
Why HTTPS Matters
HTTPS prevents intermediaries from injecting content into the website without the owner’s knowledge. Without HTTPS, a bad actor might inject online ads, for example, to profit from your web traffic.
According to HTTP Archive, about 92% of desktop and 91% of mobile requests are from URLs with HTTPS in the prefix. W3Techs reports that HTTPS is used by 75.2% of websites. BuiltWith has found over 155 million SSL certificates installed on websites throughout the Internet.
It’s important for two reasons specific to marketing, as well. First, when visitors come to an HTTP website, browsers like Google Chrome label the site as Not Secure in the address URL bar.
On mobile browsers, unsecured sites appear with a warning triangle next to the domain.
Screenshot of Washington.edu, August 2021
Second, HTTPS can impact your rankings in search results as well. In 2014, Google announced HTTPS as a part of the algorithm that ranks webpages in Google search engine results.
After implementing HTTPS for Google services, Google announced the initiative “HTTPS Everywhere” to encourage webmasters throughout the internet to do the same.
“For now it’s only a very lightweight signal – affecting fewer than 1% of global queries, and carrying less weight than other signals such as high-quality content – while we give webmasters time to switch to HTTPS. But over time, we may decide to strengthen it, because we’d like to encourage all website owners to switch from HTTP to HTTPS to keep everyone safe on the web.”
How Safe is HTTPS
HTTPS doesn’t mean a website is 100% secure or fail-safe. HTTPS only secures the communications between two computers, such as a user’s computer via web browser and a web server.
HTTPS offers stronger security than HTTP, it does not protect the user’s computer or the web server itself from attack by hackers or malware.
This is why webmasters must secure their website and users must use virus and spyware protection on their computers.
How to Get HTTPS for Your Website
To add HTTPS to your website, you may need an SSL certificate. But first, search your current web hosting provider’s documentation on how to enable or enforce HTTPS. It may already be included in your current hosting plan.
If not, you should be able to purchase a TLS/SSL certificate from your current web host or upgrade to a new hosting plan that includes TLS/SSL.
Alternatively, you can get a TLS/SSL from content delivery networks (CDNs) like Cloudflare or get a TSL/SSL from Digicert.
How to Redirect HTTP to HTTPS Websites
How you redirect your website from HTTP to HTTPS depends on your web server. If you do not have an option from your hosting control panel to switch to or enforce HTTPS, you will need to redirect or rewrite your URLs from HTTP to HTTPS.
You can search for directions specific to your hosting provider by searching Google for your hosting company’s name + HTTP to HTTPS. Most companies will have specific documentation on how you can redirect specific to your hosting plan and web server.
Google also offers in-depth documentation on how to migrate from HTTP to HTTPS in Google Search Central’s Advanced SEO section. They also link to information on how to configure Google Search Console for your HTTPS site.
How to Secure Your Website Beyond SSL
There are several ways you can secure your website in addition to HTTPS. It’s important to do because Google can determine if your website has been hacked or infected with malware.
“Pages or sites affected by a security issue can appear with a warning label in search results or an interstitial warning page in the browser when a user tries to visit them.”
Google will alert webmasters if their sites have been hacked via Google Search Console and the Security Issues report.
To protect your website, start by updating your passwords. Any service that you use for your website – domain registrar, web host, control panel, admin panel, etc. – could give the wrong person too much access to your website, leaving it vulnerable.
If you use the same password across multiple services, you may want to change them to ensure that an attack on one doesn’t turn into an attack on them all.
To save your unique, secure passwords, avoid using your browser and choose a more secure application like 1Password or LastPass.
Next, look at your web hosting service. Many providers offer plans with upgraded security features. Look for plans that include a security firewall, malware scanning, virus scanning, DDoS protection, and automatic backups in case something should happen.
If you can’t get protection from your web host, you can try services like Sucuri. They include advanced security scans, a firewall, blocklist monitoring, SSL support, and advanced DDoS mitigation.
Their plans also include website cleanup and malware removal if your website is compromised.
WordPress users can try the Jetpack plugin (formerly VaultPress) from Automattic. Their Security plans include backups, security scans, downtime monitoring, brute force protection, and anti-spam protection.
Finally, review everything you consider adding to your website.
Plugins, add-ons, and extensions can create vulnerabilities for your website and your users.
Look for user reviews and only choose plugins that play a vital role in your marketing or sales.
How to Get HTTPS as a User
HTTPS Everywhere is an extension that works for popular web browsers including Chrome, Firefox, Edge, and Opera.
Android users can install it on Firefox. Alternatively, HTTPS is included on the Brave and Tor browsers for desktop computers and Android/iOS mobile devices.
Screenshot from Brave, August 2021
This extension or integration with the Brave and Tor browsers allows you to upgrade to a more secure connection when a website doesn’t offer HTTPS or hasn’t rewritten/redirected its URLs from HTTP to HTTPS.
Key Takeaways
HTTPS plays an important role in providing a secure experience for users and a positive ranking signal in the Google algorithm.
Secure your website with HTTPS by getting a TSL/SSL certificate from your web hosting service, CDN, or another provider.
More Resources:
Featured image: BestForBest/Shutterstock