Why your website needs to use HTTPS

I recently did something I’ve been meaning to do for a while: I set up my website to use HTTPS. Whilst previously HTTPS was often considered a “nice to have” by web developers working outside of sectors such as banking and retail, we’ve now reached a point where it’s essential for all types of website to use it.

HTTPS is the secure version of the HTTP protocol, used by web browsers and devices to communicate with the servers on which websites are hosted. If you visit a website with an address starting with “http://”, that website is using the standard version of the HTTP protocol. Any interactions you have with that website will be transmitted across the internet as plain text, readable by anyone who might be monitoring the connection.

If you visit a website which has an address beginning with “https://” (or, you can see a padlock symbol in your browser’s address bar) then that site is using HTTPS, the secure version of HTTP. This means that all data sent between the web browser and the server is encrypted. Anyone monitoring your connection would see a random stream of letters and numbers, practically impossible to decode.

But what are the implications of this, and why is it so important that your website uses HTTPS today?

HTTPS is essential for the security of your website, business and customers

Any of the following can happen when visiting a website that doesn’t use HTTPS:

  • Any interactions taking place on that website can be eavesdropped as plain text, and stolen. This includes usernames and passwords (not just those belonging to customers, but also the login details for your company’s Content Management System), enquiries sent via a contact form, the URLs and content of pages currently being looked at by individual visitors, and more. Businesses that still use HTTP for their websites not only risk the security of their customers, they risk their own security too.
  • HTTP Websites can be modified during transmission over the network. This enables hackers to redirect visitors to other places, commit phishing attacks, inject malware into the page and more, plus there have also been cases of hotel wi-fi networks and unscrupulous ISPs injecting ads into websites accessed via their networks. Do you really want to risk grubby, invasive adverts being plastered across your shiny new company website?

Both of the above issues, and more besides, can be mitigated by asking your web developer or agency to set up your website to use HTTPS.

HTTPS is now used as a ranking signal by search engines

Google announced more than a year ago that it had started using HTTPS as a ranking signal. This means that websites that use HTTPS will have an SEO advantage over those that don’t. While Google currently states that HTTPS on its own doesn’t have a large impact, it’s practically certain that over time the influence of HTTPS on search rankings will increase. Because…

The internet as a whole is moving towards “HTTPS everywhere”

As well as using HTTPS as a search engine ranking signal, Google stated it wants “HTTPS Everywhere” during the Google I/O conference in 2014. Mozilla has said that it intends to phase out support for HTTP in their Firefox browser. Cutting-edge features appearing in the latest browsers are increasingly only available to HTTPS sites. And, the internet as a whole is moving towards the new ultra-fast HTTP/2 protocol, but HTTP/2 is currently only available to websites that use HTTPS.

Without HTTPS, you may lose the trust of your customers

In a post-Snowden world, computer security and privacy issues are mainstream news, and consequently internet users are becoming increasingly savvy about their own privacy. When visiting a website that uses HTTPS, a padlock symbol (often green) is displayed in the browser address bar. This indicates (rather more prominently than the “https” in the URL itself) that the website is using HTTPS.

And as time goes by, more and more people will look for this symbol in order to assure themselves that your business is serious about the integrity and security of their data. And if they don’t see it, they may not trust you with their custom. If you’ve asked yourself the question “Does my website need https?” then the answer is now yes.

Enable HTTPS on your website now

Hopefully you now understand how important HTTPS is to your website, and by extension your business. And it’s important to get this set up now, as the reasons to do so will only become more pressing as time goes by. More and more websites are now adopting HTTPS – perhaps including your competitors’ – so don’t get left behind.

Enabling HTTPS on your website isn’t a straightforward process: it involves purchasing an SSL/TLS cert from a certificate authority, which then has to be installed on your website’s server. There are also sometimes configuration and technical changes, which may need to be made by a web developer, depending on circumstances.

If you would like to enable HTTPS on your website and are looking for a freelance web developer to implement it, then please drop me a line and I’ll get back to you with a quote.

tweet me your thoughts