Up until a few years ago, I probably would have said don’t bother.
But times have changed and now it’s a good idea for ALL businesses to secure their websites with HTTPS … even if you’re not using an online shopping cart.
Let’s look at what exactly HTTPS is and how you go about implementing HTTPS on your website.
What Is HTTPS?
Short answer: If you see that little padlock in the address bar of your web browser, you’re visiting a secure website. That means the data you’re sending to or receiving from that site is encrypted.
A non-secure website has a URL beginning with “http”. But a secure website begins with “https” — where the “s” stands for “secure”.
It used to be you only needed a secure website if you were doing e-commerce with an online shopping cart and customers entered their credit card info on your site.
But now, even if your website is primarily an informational site (and you’re not selling products or services directly from your site), it’s still recommended to use HTTPS.
3 Reasons Why Your Website Needs HTTPS
1. Maintain lead generation. Starting in October 2017, the Google Chrome web browser started showing a “not secure” warning when users merely started filling out a simple contact form or entering data in search field on a non-HTTPS website. In July 2018, Google Chrome began displaying a “not secure” error on any website not using the HTTPS protocol — regardless if users were filling out a form. Bottom line, if you depend on your website generating leads and sales inquiries, your site needs to use the HTTPS protocol so users don’t freak out and abandon your site due to “non secure” warnings.
2. Improve your search engine rankings. In August 2014, Google announced that HTTPS is a ranking factor in their search algorithm. The jury’s still out as to how much of a factor HTTPS plays in your search rankings, but research suggests it’s becoming a stronger ranking factor. Just do any type of a Google search, and you’ll notice that nearly all of the page 1 results begin with an HTTPS URL. Google has also indicated that a HTTPS site can serve as a tie-breaker between two sites offering similar information.
3. Everybody’s doing it. Perhaps the most important reason to have an HTTPS site is perception. We live in a world where hacking and data breaches are everyday news, and people are concerned about online privacy and security. Even though your website isn’t collecting sensitive information, the fact that you have an HTTPS site and visitors can see the little padlock in their browser gives them comfort. And that translates to confidence and trust in your company. HTTPS is quickly becoming the norm, and even non-techie visitors are now starting to feel a little uneasy when they don’t see that padlock.
How To Install HTTPS On Your Site
There’s good news and bad news. The good news is it’s not terribly expensive or difficult to convert your site to HTTPS. The bad news is there’s more to it than just flipping a switch. As they say, some assembly is required.
There are basically 4 steps:
- You’ll need to purchase an SSL (Secure Socket Layer) certificate. Be careful not to get snookered into overpaying for an SSL certificate. A “Positive SSL” certificate (aka Domain Validation SSL) is a perfectly good choice for most websites and you can get one for less than $10/year from NameCheap or SSLs.com. UPDATE: Some web hosting companies now offer a free SSL certificate as an incentive to host your site with them.
- You’ll most likely want to hire a web developer or pay your hosting company to install the SSL certificate on your web server and configure your website. Under normal circumstances it should only cost $200-$300. Even if you have access to your web server, I wouldn’t advise trying to do this yourself and possibly screwing something up. It’s not worth your time or aggravation. Just hire a professional to do this for you.
- After your SSL certificate is installed, you’ll need to check every page of your site for “mixed content” errors. A mixed content error occurs when a web page references non-HTTPS elements. Sometimes they’re super easy to fix, other times they’re a little tricky. But if you’ve hired a professional to convert your site to HTTPS, this should be part of their service.
- You need to notify Google that you’ve converted your site to HTTPS so they can re-index your site in their search database. Don’t just sit there and wait for Google to crawl your site. Be proactive and notify Google via Google Search Console. If you’re using Google Analytics, make sure to update your settings and let them know your site is now HTTPS.
NOTE: One thing to be aware of is volatility in your search rankings after you switch your site over to HTTPS. In the short term, some of your rankings might temporarily go down or disappear altogether. This is normal. However, once Google re-indexes your site, it is common for your search rankings to return to previous levels or better.
That’s it. Moving your site to HTTPS isn’t a major undertaking if you know what to do. And for a relatively small investment, the ROI can be significant.
It was really a useful article and I recently got my SSL certificate for my website from NameSilo.
Its shocking how many sites still haven’t updated to use an SSL with all the data breaches going on. Even more shocking is how often hosting companies are charging for SSL when you have the lets encrypt service available for free. There is simply no excuse for your site not having an SSL. What I find even more frustrating is some sites that do have an SSL applied don’t have the correct redirects in place from there HTTP version which can present duplicate content issues for the site but also impact there search rankings 😥
Frustrates the hell out of me when I see client sites without https encryption. As a business, I do this for nothing except for the cost of the certificate! – no excuses for not having
My web hosting company also want to charge US $ 50 per year for this HTTPs on my website. I am not doing this right now. My website is not ranking high on google search. Do you think Its due to not having HTTPS?
Hi Nabin. Not having an HTTPS website is probably adversely affecting your site’s ability to rank in Google, but it’s not the only reason. As you probably know, the Google search algorithm considers many factors, and HTTPS is one of many. Also, some web hosting companies charge an annual fee for keeping the HTTPS security protocol active, while other web hosting companies include it at no charge. $50 per year is not exorbitant and it’s probably not worth the time, energy and expense to migrate your website to a different web host just to save $50 per year.
Should my web hosting company be charging every year for the https upgrade? I am in the UK if that makes any difference with a .co.uk website.
Hi Martin. It depends on what your hosting company offers. Until recently, it’s true you had to pay annually for the HTTPS security protocol — both for the SSL certificate as well as your web host possibly needing to install the new SSL certificate each year. Starting around 2018, many web hosting companies began waiving any fees associated with HTTPS website security and began offering it as a free “value added” service for their web hosting clients. If your current web host charges you each year for HTTPS security, you have to weight the costs of migrating your website to a new web host (that offers free HTTPS security) vs. just paying the annual HTTPS security fees.