In August 2014, Google announced HTTPS as a better ranking signal in search results, and earlier this month it was announced that Google will be marking non-HTTPS sites as insecure from July this year. This is a clear indication that Google takes security seriously and that it is now more important than ever to have a valid SSL certificate installed on your website.
So what is HTTPS and how will you be affected if your site is still HTTP?
What is HTTPS?
HTTPS, the secure version of HTTP, has been around for quite a while and you must have seen that most websites including Amazon, eBay and other ecommerce platforms are now using HTTPS on their websites.
HTTPS pages typically use the SSL (Secure Sockets Layer) protocol to encrypt information by creating a secure tunnel between the visitor and web server to transfer information from one node to another. To convert HTTP to HTTPS, a valid SSL certificate is required which encrypts the sensitive information, such as credit cards and passwords, by using a public/private key combination and finally the given information is decrypted securely.
Why do I need HTTPS?
Do you have a blog or a website? If the answer to either of these questions is ‘yes’, then you need a valid SSL certificate to make your website HTTP Secure. A valid SSL will give your website an increase in traffic rankings and is also likely to increase conversions by establishing the trustworthiness of your website.
All major browsers such as Chrome, Firefox and Safari use a green lock icon in the address bar to indicate when a website is using HTTPS and a neutral indicator (no lock icon) when a website is not using HTTPS. The green lock icon indicates that the site is using a secure connection and the information provided on the website is securely encrypted.
Figure 1 Receptional.com on Google Chrome with HTTPS
Figure 2 Neutral indicator marking site as insecure
Figure 3 From July 2018, Google Chrome will mark the website ‘Note Secure’ in red
How do I make my website HTTPS secure?
Setting up HTTPS on your website is not too difficult. Follow the steps below to make your website secure:
Say Goodbye to your shared IP and get a dedicated IP address
To meet the best security standards, SSL certificates require your website to have its own dedicated IP address.
With a dedicated IP, you can ensure that the traffic going to that IP address is only going to your website and your server ensures faster response during periods of high traffic load.
Buy a certificate
Next, you need a valid SSL certificate and you can buy it for as little as £50 a year.
There are several SSL issuing authorities such as DigiCert, GoDaddy, GeoTrust and Comodo. Each of these companies offer different features and guarantees with their SSLs. You can read more about them on their websites.
Activate and install the certificate
Now that you have bought a valid SSL, it’s time to activate it. You will need to generate a Certificate Signing Request (CSR) and use it to activate your SSL.
You can generate a CSR in your web hosting control panel – such as WHM or cPanel. Go to the SSL/TLS admin area and choose to ’Generate an SSL certificate and Signing Request’. Fill out the fields in the screen below to generate the CSR and private key for your SSL:
Next you can use the CSR to activate the SSL and, finally, install the certificate using the private key and certificate code combination.
Note: In most cases, your hosting company will be able to help you activate and install the certificate on the server.
Update your site to use HTTPS
After successful installation, your server has a valid SSL on it but your website is not ready yet.
In this next step, you will need an experienced web developer or agency to help you upgrade your website to HTTPS. They will need to ensure that all media assets as well as the site pages are served with HTTPS.
The complexity of this work depends on the type of your website CMS (Content Management System). Receptional has helped many Magento and WordPress clients and successfully installed SSL certificates on their websites. Get in touch with us today and we’ll make your website HTTPS ready.
Setup HTTP to HTTPS redirect
In this step, you will need to ensure that any incoming HTTP request is redirected to the equivalent HTTPS page.
This can be done by setting up a 301 redirect in htaccess or at the server level.
Submit HTTPS version of your website in Google Search Console
Finally, now that your website is ready, it’s time to submit the HTTPS version of your site to Google.
To conclude, Google Chrome is a popular browser in the UK with 64% of the total market share and if your website is still HTTP and you ask your website visitors to enter any form of data such as personal details, passwords, or most importantly credit card information, the user will see a ‘not secure’ message on Google Chrome and this will eventually affect the trustworthiness of your website. To avoid this, install a valid SSL certificate on your website as soon as you can and enjoy the benefits of a secure web.
Like Google, Receptional take security seriously, every website we develop is HTTP Secure and has a valid SSL certificate. If you need help setting up HTTPS on your website or building a secure website, contact Receptional today.