30th October 2017 by James
HTTPS Or Not To HTTPS?
Is it time you converted over?
What does HTTP and HTTPS actually mean?
Have you ever noticed when you add in a web address to your browser it starts with either http:// or https://.
Pixel Puppet has an SSL Certificate to encrypt data sent by the website, which gives it the 'secure' status in the browser.
This acronym stands for ‘Hypertext Transfer Protocol’ (HTTP) or ‘Hyper Text Transfer Protocol Secure’ (HTTPS). In easy to understand, no geek speak, it defines the underlying rules on how messages are created and sent on the world wide web and how servers and browsers respond to the commands.
Really all you need to be aware of is there are two versions and one is more secure than the other.
HTTPS means that data been sent between browser and website server is encrypted making it secure.
For example: a simple form on your website. When a visitor fills in that form with their personal details and hits send, the data is sent to the web server (the computer that your website runs on). Between the point of your visitor hitting send and the server receiving the data from the form, it is being trasmitted unsurely and has the potential for someone to intercept that transmission and read the personal data. HTTPS however ensures that the data sent from the form is encypted prior it it being transmitted. So that even if it is intercepted in transmission the content is not identifiable. You will find that all trustworthy eCommerce websites already have HTTPS setup for obvious reasons! Therefore to make websites safer for visitors to use, it is being recommended that all websites convert over to HTTPS.
What is the implications of not converting over.
As with most changes, there is really only one way to police that they are carried out - by using the power of Google. They indicate that websites that are not HTTPS will be seen as insecure. And Google will use HTTPS as a prerequisite for higher rankings in their search algorithm. They also highlight in the Chrome brower and SERPS (google results pages) those that are not secure. Ask yourself this - when was the last time you had second thoughts about visiting a website that had a security warning issue highlighted on Google? You probably would avoid it like the plague. So potentially you could lose visitor trust and traffic. They have also hinted that forms on non HTTPS websites will have notes automatically added (in the browser Chrome) to let the user know that the form is not secure. Our advice, putting aside the Google statement which you can read more about in the link below - it’s worth converting your website to HTTPS and ensure the data you are collecting on your website is secure, I am sure if will be picked up in your GDPR review anyway!
https://webmasters.googleblog.com/2014/08/https-as-ranking-signal.html
What do you have to do.
Speak to your web designer or your hosting company and ask them to add an SSL Certificate to your website. An SSL Certificate basically enables the S (secure) part on the HTTP - that’s all your really need to know! Depending on your hosting provider there are associated costs as there are different providers of SSL Certificates and a setup cost. Usually they are priced around £150 - £200 per year as an ongoing cost.
You might find that some hosting providers (like ours) now offer SSL Certificates as part of the hosting cost, but don't forget to resolve the domains! Speak to your provider about this, they will know what to do, but I have made a mental note to write an article about resolving a domain!
