Up until late 2017, I probably would have said don’t bother.
But things have changed and I now believe it’s a good idea for ALL businesses to secure their websites with HTTPS.
So let’s take a look at what exactly HTTPS is, why I’m now recommending HTTPS and how you go about implementing HTTPS on your site.
What Is HTTPS?
Short answer: If you see a little padlock in the address bar of your web browser, that means you’re visiting a secure site, which means that the data you’re sending to or receiving from that site is encrypted.
Also, a non-secure website has a URL that begins with “http” in the address bar, whereas a secure website begins with “https” — with the “s” standing for “secure”.
It used to be that you really only needed a secure website if you were doing e-commerce and you had a shopping cart where customers were entering their credit card info on your site.
But now, even if your website is primarily an informational site and you’re not selling products or services directly from your site, it’s recommended that you move your site to HTTPS. Here’s why …
3 Reasons Why It’s Important To Upgrade Your Site To HTTPS
1. Maintain lead generation. Starting in October 2017, the Google Chrome web browser started showing a “not secure” warning when users started filling out a simple contact form or search field on a non-HTTPS website. So if you depend on your website to generate leads and sales inquiries, your site needs to use the HTTPS protocol so users don’t freak out and abandon your site’s contact form due to “non secure” warnings.
2. Improve your search engine rankings. In August 2014, Google announced that HTTPS is a ranking factor in their search algorithm. The jury’s still out as to how much of a factor HTTPS plays in your search rankings, but research suggests it’s becoming a stronger ranking factor. Just do any type of a Google search, and you’ll notice that nearly all of the page 1 results begin with an HTTPS URL. Google has also indicated that a HTTPS site can serve as a tie-breaker between two sites offering similar information.
3. Everybody’s doing it. Perhaps the most important reason to have an HTTPS site is perception. We live in a world where hacking and data breaches are everyday news, and people are concerned about online privacy and security. Even though your website isn’t collecting sensitive information, the fact that you have an HTTPS site and visitors can see the little padlock in their browser gives them comfort. And that translates to confidence and trust in your company. HTTPS is quickly becoming the norm, and even non-techie visitors are now starting to feel a little uneasy when they don’t see that padlock.
How To Install HTTPS On Your Site
I have good news and bad news for you. The good news is that it’s not terribly expensive or difficult to convert your site to HTTPS. The bad news is that there’s more to it than just flipping a switch. As they say, some assembly is required.
There are basically 4 steps:
- You’ll need to purchase an SSL (Secure Socket Layer) certificate. Be careful not to get snookered into overpaying for an SSL certificate. A “Positive SSL” certificate (aka Domain Validation SSL) is a perfectly good choice for most websites and you can get one for less than $10/year from NameCheap or SSLs.com.
- You’ll most likely want to hire a web developer or pay your hosting company to install the SSL certificate on your web server. Under normal circumstances it should only cost $200-$300 — not expensive at all. Even if you have access to your web server, I wouldn’t advise trying to do this yourself and possibly screwing something up. It’s not worth your time or aggravation. Just hire a professional to do this for you.
- After your SSL certificate is installed, you’ll need to check every page of your site for “mixed content” errors. A mixed content error occurs when a web page references non-HTTPS elements. Sometimes they’re super easy to fix, other times they’re a little tricky. But if you’ve hired someone to convert your site to HTTPS, this should be part of their service.
- You need to notify Google that you’ve converted your site to HTTPS so they can re-index your site in their search database. Don’t just sit there and wait for Google to crawl your site. Be proactive and notify Google via Google Search Console. If you’re using Google Analytics, make sure to update your settings and let them know your site is now HTTPS.
NOTE: One thing to be aware of is volatility in your search rankings after you switch your site over to HTTPS. In the short term, some of your rankings might temporarily go down or disappear altogether. This is normal. However, once Google re-indexes your site, it is common for your search rankings to return to previous levels or better.
# # #
So that’s it. Moving your site to HTTPS isn’t a major undertaking if you know what to do. And for a relatively small investment, the ROI can be significant.
If your site is not already HTTPS, I’d move this near the top of your to-do list. You’ll thank me later. ;-)