If you have a business website, you probably worry about security. This concern is especially likely if you collect sensitive information such as credit cards and social security numbers.
In an age where hackers are constantly on the hunt for easy targets, website security should be one of your top priorities.
One way to significantly improve the security of your website is to change HTTP to HTTPS for the transfer protocol of your site. Sites that don’t use HTTPS are essentially open books for hackers to crack open and read to their hearts content (to the detriment of your customers).
If you’re asking yourself – how do I make my website secure? – please continue reading.
What is HTTP & HTTPS
HTTP stands for Hypertext Transfer Protocol, and it makes it possible for web users to transfer and receive information over the internet. HTTP is one of the most widely adopted application protocols online and its existence makes the modern web what it is today.
HTTPS stands for Secure HyperText Transfer Protocol, and it operates in the same way HTTP works in that it allows web users to receive and transfer data.
Why Use HTTPS, and Why Is HTTPS Important?
The defining difference between the two transfer protocols is that HTTPS transports data using an extra layer of protection known as Secure Socket Layers (SSL).
In most cases, SSL (known commonly as SSL certificates) is used to secure the transfer of data, confidential login information and credit card transactions. Simply put, HTTPS is the secure version of HTTP.
Do I Need an SSL Certificate for My Website?
It doesn’t matter what type of website you run or the type of information you collect, it’s always beneficial to get an SSL certificate for your website. SSL certificates encrypt the data that users input so it remains secure as it travels from a user’s web browser to your server.
Consumers are always wary of the many veiled security risks that can threaten their information each time they engage in online transactions (inputting a credit card number into an e-commerce site for example).
Securing your website with an SSL certificate will give your visitors confidence that their information is safe within your database. It also adds credibility to both your business and your website because it communicates the message you’re serious about the security needs of your customers.
HTTP vs. HTTPS SEO
When it comes to Google SEO, HTTP vs. HTTPS makes a difference. Search engine are constantly evaluating which web pages provide the best experience for users.
In addition to contextually addressing user queries, search engines look for measures of a site’s credibility. Because using HTTPS instead of HTTP makes your website more secure for users, Google sees this as a credibility booster.
In August of 2014, Google announced that moving to HTTPS could give your site a subtle rankings boost. This makes the change to HTTPS even more critical for the performance of your site.
How to Tell If a Website Is Secure
It’s quite simple to determine whether a website is secure. Pull up a browser and type in the URL of any website. If the URL starts with “http://” the website is not secure. If it starts with “https://” that website is secure.
It’s possible that a site has manipulated their server to show “https://” when they don’t have a valid SSL certificate. When you look to the left of your browser’s URL bar you can see “Secure” or “Not secure.” This is another sign of whether a site is secure.
Get into the habit of checking whether the sites you frequent are secure. This is especially important for websites that require you to enter highly sensitive information such as your credit card number or login credentials.
If you’re interested in further verifying the security of a website, click on the green lock icon next to the “Secure” display in your browser’s URL bar. This should prompt a pop up to appear with in-depth security details.
Are we saying HTTPS is the only security measure you need to protect your website? Of course not! Hackers can still compromise a website that’s protected by an SSL certificate.
That’s why you need to perform follow up actions to ensure a website has multiple layers of security. One way you can do this is to read a site’s privacy policy. Most privacy policies will explain how your information is collected and used, and what security measures are in place to protect your private data. If a website doesn’t have an adequate privacy policy, that’s a red flag.
Download this free guide about the 24 website must-haves that will evolve your digital marketing today!
You should also check to see if the site’s contact information is up to date. Most security conscious website administrators will have a valid email where they can receive information pertaining to possible security issues. Keep on the lookout for social media icons, a valid email address, a telephone number and possibly a physical address if relevant.
How to Change HTTP to HTTPS
To enable HTTPS on your website, you’ll need an SSL certificate. SSL certificates are issued by a certificate authority or certification authority (CA).
Not all security certificates are created equal. For example, 1024-bit security certificates provide less protection than 2048-bit certificates. Keep this in mind as you’re moving over to HTTPS.
.htaccess – Force SSL
If you’re using an Apache server (most WordPress sites do), you will also need to include a URL rewrite rule that redirects your HTTP URLs to HTTPS. The code will look like the following:
RewriteEngine On
RewriteCond %{HTTPS} off
RewriteRule ^(.*)$ https://%{HTTP_HOST}%{REQUEST_URI} [L,R=301]
If your site uses the WordPress CMS, make sure you include the above code outside of the WordPress comment tags:
# BEGIN WordPress
# END WordPress
Contact the experts at MARION for more help with WordPress development in Houston.
SEO Concerns When Switching to HTTPS
As you change to HTTPS Google will treat the transfer as a URL change and there’s a very good chance you will experience temporary ranking fluctuations until the transfer is complete.
You will eventually regain the rank you lost. The major downside to this transfer period is you will miss out on vital organic traffic until you recover your rank.
Regarding long-term SEO concerns, you should have nothing to worry about as long as you configure your SSL certificate correctly on your website. Configuring your SSL certificate incorrectly (such as pointing it towards the wrong domain) can affect your SEO negatively.
To ensure you go about the process the right way, let’s look at Google’s process of switching over to HTTPS:
- Determine the type of certificate you need for your site (single, multi-domain, or wildcard)
- Update your robots.txt to allow Google to crawl your website
- Ensure your site returns the proper HTTP status code
- Use a 2048-bit key certificate
- Ensure you maintain an up-to-date SSL certificate
Of course, if you’re unsure of how to configure your SSL certificate correctly, turn the job over to professionals who know what they’re doing. It’s a much better option to pay a little bit of money up front to ensure the job gets done right the first time.
Understanding Why HTTPS Is Important
It’s a no brainer why you should use HTTPS over HTTP. Google is becoming more and more stringent against sites who have yet to make the switch. Furthermore, sites who don’t use an SSL certificate run the risk of losing the trust of their visitors.
If your website is still using HTTP switch over as quickly as you can to avoid any negative repercussions. MARION’s Houston marketing agency can help.
If you’re a small to medium sized business our combination of SEO services and custom web design services in Houston will ensure you not only stand out from the competition with a beautifully crafted website, but you also have a sound SEO strategy to rank well on Google.
Contact us today to learn more about our services.
