Switching from HTTP to HTTPS

Move your website to https and get secure.

Why you ask? Because as of July 2018, Google will be labeling websites using http as Not Secure in the address bar. If this warning appears by your website url users are not going to trust your website, and most likely leave.

If you’re planning on starting a new website project, you will want to set it up as https from the beginning, and if your website is currently using http, you should make a plan to switch to https as soon as possible.

Chrome 68 Not secure warning
Websites that are not https will display a Not secure message in Chrome 68

HTTP vs HTTPS

HTTP, which stands for hypertext transfer protocol, is the method your browser uses to communicate with the server holding the data for a particular web page, allowing you access to the internet.

HTTPS still uses hypertext transfer protocol to communicate, but the data that is transferred back and forth between your computer and the server is encrypted. Only your browser and the server can decrypt the signal, so your information can’t be accessed by a third party in transit. Additionally, https signals that a site has been authenticated, meaning you know that you’re seeing the correct site (as opposed to a clone or fishing site), and that the content hasn’t been altered.

In an https site, your data is secured by TLS (Transport Layer Security protocol) or SSL (Secure Sockets Layer). The terms are often used interchangeably, or as SSL/TLS, because TLS was built using a later version of SSL as its foundation. Even though TLS is the newer and more secure version of SSL, the security certificates you will need to install at your host are generally still called SSL certificates.

Be sure to check the fine print, recent security breaches have rendered SSL significantly less secure, so you’ll want to make sure you’re using TLS. Sites running SSL often carry security warnings, or their https bar contains a padlock with a line through it.

Why you should use https on your WordPress site

1. Encryption

The most obvious benefit of upgrading your site is improved security. Since only the server and your browser can decrypt the data being transferred, a third party who intercepts your data won’t be able to read it.

At an absolute minimum, https should be on any ecommerce pages on your site. Credit card information, addresses, and passwords are simply too valuable to send without the security of encryption that comes when you upgrade your site to https. Encryption doesn’t just protect sensitive information like credit card numbers, it also prevents third parties from reading messages or tracking your activities.

2. Authentication

Https also indicates that the site has gone through at least some level of authentication. In some cases, that simply means that the owner of the domain has the right to use the site. In others, an extensive verification processes ensures that the company listed on the site controls it. Clicking on the padlock feature in most browsers will list the information that has been verified, giving visitors increased confidence in a site.

3. SEO

In 2014, Google decided to include whether your site is http or https in their search engine algorithm. That means they are now using https as a ranking signal, which along with quality content and page load speed, are important elements of search ranking. Upgrading your website to https is a quick way to get a boost so you’ll rank higher in Google’s searches. This is part of Google’s overall push to try and make the web more secure, and they state specifically that they want to encourage sites to switch to https.

4. HTTP2 Requires It

The successor to http, http2, has been developed to improve on the standard hypertext transfer protocol. Http2 has shorter load times by combining the data that is sent between your browser and the server to a single TCP connection. With these multiple request being combined into one, http2 has tested faster than http, and a fast website can greatly impact a users experience on your website.

5. Minimal Downsides

It used to be the case that https sites would noticeably increase server load, which caused increased load times. Additionally, security certificates were expensive.

These problems have largely been resolved. Https sites run much faster now, and as far as cost, SSL certificates such as Let’s Encrypt are free and perfect for most websites. If you need extra features or security, such as an EV SSL, many certificates are reasonably priced and it appears with the push to https, SSL prices will get even more competitive.

Making the Switch

First thing you will need to do is install a SSL certificate on your website. As I mentioned above, most web hosting providers now offer SSL certificates, as well as performing the switch to https, for free. From there, you’ll have to make sure all of your media url’s are updated to reflect the new https url, and you will want to set 301 redirects in your htaccess file to make sure your url’s always route to https.

Lastly, don’t forget to change your website url from http:// to https:// in your WordPress dashboard, as well as Google Analytics, Search Console, your social media url’s, and online directory listings.

Whether you’re building a site from scratch or looking to upgrade an existing site, the benefits of https are clear, and they are becoming more important every day. The web is moving towards being more secure, and with Google pushing all website owners to switch, you may as well start reaping the benefits of https today.

If you need assistance with switching your website to https, Contact Me and I will be happy to help.

Feel free to share