Leave your thoughts
You may have heard people urging you to switch your website to the HTTPS security encryption.Â They cite Googleâ€™s announcement thatÂ HTTPS is a ranking signalÂ and that failure to switch could mean your ranking will take a hit.
But, can a product that costs around $100 per year really make that much of a difference?Â And if so, how straightforward is it to make the switch?
Letâ€™s face it, until recently, HTTPS was really used only by ecommerce sites for their payment pages.Â Things can get confusing, and the question many business owners face is whether or not the hassle of switching to HTTPS is worth it.
So,Â letâ€™s look at the arguments for and against.Â But first of all, what exactly is HTTPS?
What is HTTPS, and why do you need it?
HTTP stands forÂ hypertext transfer protocol. Itâ€™s a protocol that allows communication between different systems. Most commonly, it is used for transferring data from a web server to a browser to view web pages.
The problem is that HTTP (note: no “s” on the end)Â data is not encrypted, and itÂ can be intercepted by third parties to gather data being passed between the two systems.
This can be addressed by using a secure version called HTTPS, where the “S”Â stands for secure.
This involves the use of anÂ SSL certificateÂ — “SSL” stands forÂ secure sockets layer –Â which creates a secure encrypted connection between the web server and the web browser.
Without HTTPS, any data passed is insecure. This is especially important for sitesÂ where sensitive data is passed across the connection, such as ecommerce sites that accept online card payments, or login areas that require users to enter their credentials.
Whatâ€™s the process for switching to HTTPS?
If you are familiar with the backend of a website, then switching to HTTPS is fairly straightforward in practice. The basic steps are as follows.
Purchase an SSL certificate and a dedicated IP address from your hosting company.
Install and configure the SSL certificate.
Perform a full back-up of your site in case you need to revert back.
Configure any hardÂ internal links within your website, from HTTP to HTTPS.
Redirect any external links you control to HTTPS, such asÂ directory listings.
UpdatehtaccessÂ applications, such asÂ Apache Web Server,Â LiteSpeed,Â NGinx ConfigÂ and your internet services manager function (such asÂ Windows Web Server),Â to redirect HTTP traffic to HTTPS.
If you are using acontent delivery networkÂ (CDN), update your CDN’s SSL settings.
Implement301 redirectsÂ on a page-by-page basis.
Update any links you use in marketing automation tools, such as email links.
Update any landing pages and paid search links.
In terms of the setup of the SSL certificate — points one and two above –Â this is fairly straightforward, and your hosting company will be able to assist you.
AlsoÂ bear in mind that for a small website this will be fairly straight forward, as some of the above points wonâ€™t apply in scenariosÂ such as code libraries andÂ CDNs.Â However, for a larger site, this is hardly a non-trivial event and should be managed by an experienced webmaster.
Up until this point, the only decision youâ€™ll make is whether you want to use an SSL that has aÂ green “secure”Â browser bar. These types of SSL usually require some form of identity verification before they’reÂ issued. This is one of the reasons they tend to cost more.Â Besides that difference, SSL certificates work under the same principle.
If you are not technically adept, you will probably need assistance with the above steps.
Itâ€™s worth pointing out that, for a small site, say less than 50 pages, this process wonâ€™t take too long. However, for larger sites, the full update of links and page redirects should be performed by an experienced developer.
The case for switching to HTTPS
Simply put, the strongest case for switching to HTTPS is that you are making your website more secure.
Sure, there are limits to this. HTTPS is not like aÂ web application firewall. Itâ€™s not going toÂ prevent your website from getting hacked. Itâ€™s not going to stop phishing emails getting sent, either.
If youâ€™re using a content management system (CMS), like WordPress, or you have any other login where you host any kind of sensitive data, then setting up a secure HTTPS login is the absolute minimum precaution you should take.
In reality, HTTPS is the basic price of security these days. Itâ€™s the very minimum you can offer your visitors.
Aside from security, HTTPS also improves trust.
According to research performed by GlobalSign, more than 80 percentÂ of respondents wouldÂ abandon a purchaseÂ if there was no HTTPS in use.
Thatâ€™s fine for ecommerce merchants, but does HTTPS improve conversion and trust for businesses which donâ€™t take online payments? There is evidence that the use of security sealsÂ canÂ improve lead generation by over 40 percent.
Not only do your visitors pay attention to your site’s security, but so does Google.Â Security is at the heart of what Google does these days.Â Thatâ€™s why the company has listedÂ HTTPS as a ranking factor.
So the biggest reason to switch toÂ HTTPS is to future-proofÂ your website. Sooner or later, youâ€™re just going to have to bite the bullet, and make the switch.
The case against switching to HTTPS.
Recent research has shown that for smallerÂ B2B websites, the uptake of HTTPSÂ is low.
Reasons include a lack of awareness of the growing importance of SSL or the perceived complexity of switching to HTTPS, and in particular, the potential negative SEO impact.
AndÂ SEO is one of the most important considerations, especially for websites that have a good ranking. As the saying goes, “If it ainâ€™t broke, donâ€™t fix it.”
It’s easy to empathize with this point. In fact, research that we conducted on more than 540 UK B2B businesses showed that the uptake of switching to HTTPS was in the 2 to 3 percentÂ range. There was not a strong correlation between using SSL and getting a higher ranking, though.
Other factors, such as on page optimization, number of Google reviews, total number of pages and the number of backlinks, had far more bearing on a high ranking than switching to HTTPS.
In short, we concluded that HTTPS as a ranking factor is of low importance right now.