Google Recommends Moving Your Website to HTTPS

HTTPS: You Really Have No Choice

In August, Google notified website owners via Google Search Console (formerly known as “Webmaster Tools”) of its plans to show security warnings on websites that are still using the (now old) http protocol. Search Console users were told that the Chrome browser (currently with market share of 45% in the USA) will begin showing security warnings to users when they go to sites that are still using http instead of https.

You’ve seen these warnings, haven’t you? They are, kind of…scary.

 Now, these warnings won’t likely effect all sites; just those with form fills. So, if your business is e-commerce, you really have no choice to move to https…at least if you want to be in business come November.

But, what about all the other sites out there? I guess if your site is only informational, then you can avoid it, but can you really? Have a contact us page with a form fill? You need to move to https. If your site has a search function, you need to move to https. Chat function? You need to move to https. If the user has the ability to interact in any way with your website, you will need to take heed of this notice and get cracking. Otherwise, you are going to lose a significant amount of your traffic come October.

HTTPS: WHAT IS IT ANYWAY?

 https (Hypertext Transfer Protocol Secure) is an internet communication protocol that will protect the confidentiality of data sent from a user’s computer to your website. It provides encryption of the exchanged data to keep it secure from eavesdroppers who may want to “listen” to the interaction. It also verifies the integrity of your data so that it cannot be modified or corrupted during the transfer process. Finally, https ensures that the communication from your users goes only to the intended website, thus protecting against “man-in-the-middle” attacks.  Man-in-the-middle attacks are those devils that may want to alter the details of the private conversation.

In today’s high profile world of data being stolen from websites, users have come to expect the security that their online conversations with websites will remain private and protected. https solves much of that problem by adding an additional layer of encryption and signaling to the website to protect the information being sent by the user. That information is sent in an unreadable form that is guarded by some crazy algorithm code, thus making it generally impenetrable.

HTTPS: You’ll Need an SSL Certificate First

To qualify for https, a website must first purchase an SSL (Secure Socket Layer) certificate. SSL provides standard security technology that provides an encrypted link between a web server and a browser. This link ensures that all data sent between the server and browser will remain private. This is especially important given the insecure nature of wi-fi connections which are notorious targets for unsuspected eavesdropping.

SSL certificates are relatively cheap and they help guard visits to your website. At Purplegator, we purchase ours from Comodo or Geotrust. SSL certificates need to be renewed annually so there is an ongoing cost associated with them. There are free versions of SSL certificates such as Let’s Encrypt, but we don’t use them. I suspect a free SSL certificate is fine, but we wouldn’t recommend them. The reason is that if they ever stop working for some reason, what is the business incentive of an open certificate authority in fixing the problem? In our opinion, SSL certificates are simply too important, and too cheap, to take that risk, regardless of how small it is.

HTTPS: This is a Big Deal

Less than half of all websites use the https protocol today. But, not surprisingly, the best ones are already using it. In fact, more than half of the first page sites in Google are already using https. That shouldn’t be surprising, as Google has been saying since 2014 that using https is an SEO ranking factor. Now, however, it’s suddenly become not just a minor SEO ranking factor, but a real traffic negator if you don’t make the switch.

Bottom Line: You need to move your site from the insecure http to https. And, you need to do it NOW!

At Purplegator, we are now in the process of notifying and migrating our website customers from http to https. If you need help in moving your website, please contact us.