What is HTTPS?
First, let’s start with HTTP. Hypertext Transfer Protocol is an application protocol for distributed, collaborative, and hypermedia information systems. HTTP is the foundation of data communication for the World Wide Web. HTTPS consists of communication over HTTP within a connection encrypted by Transport Layer Security, or its predecessor, Secure Sockets Layer (SSL). When set up correctly, content is delivered in your browser with a green lock. That’s what we are after, the green lock. The main motivation for HTTPS is authentication of the visited website and protection of the privacy and integrity of the exchanged data.
Why you need it.
For some time now, Google has used HTTPS as a ranking factor for search engine results. They penalize sites that continue to use the non-secure HTTP protocol, and it is possible that your search ranking has been affected. This practice is part of Google’s ranking algorithm and, until now, has not directly affected the public side of your website. However, Google is now forcing the issue and making this publicly known on your site through the browser address field. Browsers like Google Chrome and Firefox are now showing warnings when your site isn’t using HTTPS.
Pages with login forms are more direct and clearly state “Not Secure” in the address bar.
HTTPS is a must nowadays. Data transferred to and from your site is not encrypted when using an HTTP URL. You need to use HTTPS in order for the data to be encrypted to and from your website. The internet is evolving into an encrypted net. As privacy issues rise, everyone is moving in the direction of complete encryption of the web.
Here is a recent email we received from Google, warning of the change coming in October 2017.
Security and privacy are the main reasons to use HTTPS, but those are not the only reasons. Your company brand is likely to be hindered by continuing to serve your website in an not-secure manner; your customers and site visitors will notice. They are looking for the green lock more and more. If they are researching online and see the “Not Secure” warning, they will likely pass you by.
Keep in mind that soon after the dust has settled with this update, the trend will continue for a web that runs entirely on HTTPS/SSL.
If you are running your website over HTTP, then these are just a few things that are not secure:
- Your user id and password when signing into the WordPress admin
- Other users’ passwords when they log into any part of your website (membership sites)
- All form submissions from website visitors (contact forms, newsletter signup forms)
- Any data transferred to and from your site by you and your users could be read, or altered, by malicious parties
- Payment forms should always use HTTPS/SSL
It’s time to upgrade to HTTPS.
Consider this an opportunity to boost not only your website security, but also your online brand. After you enable HTTPS, all of these problems will be solved, because passwords, form submissions and all your site content will be encrypted. You will love the green lock.
Every new site we setup includes HTTPS as part of our deliverable. With Google starting to penalize non-encrypted sites, this is no longer optional.
Protect your site and your users. If your site still uses HTTP, contact your site administrator or web host and request an upgrade immediately.