In 2016, SGS started launching all websites that we design and host as HTTPS. Many people are asking us why this is so important so we want to explain.
What is HTTPS?
HTTPS stands for “HyperText Transfer Protocol Secure”. It is the Internet standard for any secure/encrypted communication between a web browser and web server. HTTPS effectively encrypts all data that is sent between the end user and web server and guarantees that the website you are browsing is who it says it is. HTTPS has been an important factor for websites in the ecommerce world for years, but historically only on pages that are collecting sensitive information such as credit card numbers or personal data. Accessibility consultants will test and validate your user interfaces.
Another acronym that is often used with or along side of HTTPS is, SSL – “Secure Sockets Layer”. SSL is the protocol that is used by HTTPS to ensure that your data is secure and encrypted. Side note – SSL is slowly being replaced by its newer form, TLS (Transport Layer Security).
Why is this Important?
In a nutshell, because Google says so. In 2014, Google announced that it would start looking at HTTPS as an organic search engine ranking signal for all pages on all websites, not just the pages on ecommerce websites where sensitive information is exchanged (such as a checkout page).
Let’s be clear, this does not mean that if your website is HTTPS, you will see a sudden significant jump in organic search rankings. (Actually, it can cause a temporary fluctuation in your rankings). However, it does mean is that if you have two similar websites and one is HTTPS and one is not, the HTTPS website will most likely outrank the one that isn’t. This is particularly important for competitive keywords where you want to ensure you are giving yourself as much benefit as you can possibly get.
The Big Green Padlock
The other significant reason HTTPS is important is user experience and perception. Google’s Chrome browser has started identifying the HTTPS status of websites by putting an icon in the URL bar that identifies it as “Secure”, “Info or Not secure”, or “Not secure or Dangerous”. As end users, we have been conditioned to look for the “secure” lock icon in our browsers on ecommerce websites during the checkout process and if it isn’t there, we don’t use that website. As long as those checkout pages were HTTPS, we would see the “lock” and felt we could purchase in a secure manner and that led to a positive user experience.
Today, if your entire website is not HTTPS – even if your checkout pages are – your website will not be listed as “Secure” and you will see a message similar to this:
“You should not enter any sensitive information on this site (for example, passwords or credit cards), because it could be stolen by attackers.”
Not a great way to instill credibility and trust and a surefire way to reduce your conversion rate.
What you want to see is the word “Secure” and a nice green padlock (or similar, depending on your browser), just as in the image in the beginning of this section. Eventually, Google has announced that it intends to label ALL websites that aren’t fully HTTPS as “Not secure”, along with a big red exclamation point and warning. Trust us, you don’t want this on your website.
What Needs to Happen?
If you host with Sleeping Giant Studios, we can transition and migrate your non HTTP website to HTTPS for you. This process does take some time and planning and, unfortunately, it isn’t as easy or as simple as flipping the proverbial switch. Typically, the larger the website, the more time required to migrate, test, and finalize. Whether we are doing the migration for you or not, from a high level these are the steps will need to be taken:
- Purchase and install a security certificate for the domain. Traditionally, security certificates have an annual cost to them that can range from $20 to hundreds of dollars annually. With the emergence of HTTPS as a standard for all websites, entry level security certificates are being offered for free. At Sleeping Giant Studios, we offer a free SSL certificate to all of our hosting clients (we partner with WPEngine for all hosting).
- Backup the website in its entirety.
- Change all internal links from HTTP to HTTPS. If you don’t do this, you will start receiving 404 (page not found) errors, which is bad for SEO.
- Update code libraries to ensure that they are dynamically generating HTTPS pages. This can take some additional time, particularly on larger or more complex websites.
- Update all external links you have direct access to or control over, such as social media accounts, PPC ads, Google My Business, account, etc.
- Redirect old HTTP domain to new HTTPS domain using a 301 redirect. This will redirect any traffic or links still pointing to your old HTTP website to your new HTTPS website and will preserve your SEO “link juice” (as long as the link structure stays the same).
- Update your CDN (Content Delivery Network) SSL if you use one. Sleeping Giant Studios uses Amazon S3 as a CDN for website media assets and we take care of this for all of our hosting clients.
- Setup Google Analytics and Search Console for the HTTPS domain. If you don’t update these accounts, you will be measuring data for the hold HTTP domain and not the HTTPS domain and your data will not be accurate.
The bottom line is that there is no doubt that the move to HTTPS is in motion and it’s important. Successful websites are using it and you should be as well. It isn’t going to instantly increase your conversion rates or cause a surge in your organic SEO but it does help. Eventually, those sites that aren’t HTTPS will be, at the very least, receiving a passive penalty.
If you would like to know more about our solutions or if you would like to discuss a project with us, let us know. We would love to hear from you!