HTTPS is steadliy becoming the standard for all web traffic. While you may think it does not apply to your website, it does.
- Protect your visitors privacy
- Improve security of traffic to and from your visitors devices.
- Improve Visitor Confidence in your site.
- Improve your SEO Rankings at Google.
- Improve Analytic and Refferer tracking information.
- Be one more item checked of your list you no longer worry about.
What is HTTPS?
HTTPS is a security layer that encrypts all traffic between your website and visitors.
This is all well and good but not many users will notice or care about this but what they do see is a greeen https lock and text in the browser address bar when they visit your website.
HTTPS in Chrome
HTTPS in Firefox
Why do you need to encrypt your web traffic?
With HTTPS you will protect your visitors privacy - you do not want to expose your visitors or let others know what people are viewing at your website.
Improved Security (not just encryption)
- Authentication - Am I talking to who they say they are?
- Data Integrity - has the data been compromised or tampered with?
- Encryption - Is anyone else able to view the data transfer or conversation?
Improved Visitor Confidence when they see https and the green lock in the browser
You get more information in Google Analytics and Google Seach Console
It is 2017 - https is becoming the standard.
What are the SSL Certificate Levels
Extended Validation SSL - Name and Green Bar
This is the highest level and require more documentation and is more expensive. It has the same security standards as teh Standard Validation SSL
Standard Validation SSL - Green Lock but no name
This is the most common level of SSL. It is sold by many providers, is less expensive or even free.
SSL with Errors - shows https but a yellow warning triangle is shown and not green text is shown.
This is not really a level of certificate but an example of what one of the two above certifications will look like if not property configured. Visitors can see that the site is SSL capable but something is not quite right. This is one of the sites we manage and I broke the ssl on the page to get the screenshot, after taking the screen shot I corrected the page back.
What does it cost?
SSL certificates can vary from $50/year to $300/year. There is now a great company offering free options.
Lets Encrypt https://letsencrypt.org/ is a fantastic free option. This site / company / project is sponsored by many of the major web players including Facebook, Cisco, Shopify, SiteGround (excellent Siteground Review) mozilla, and many many others.
This site provides free standard Validation level SSL certificates and a fantastic option for many business webiste that need standard level encryption.
Let's encrypt is really picking up speed and many hosting companies have a let's encrypt plugin which makes installing a Let's Encrypt SSL even easier.
Here are the hosts that we know offer a one click intstall.
- Rochen Hosting
What does Google say about SSL
They think all websites should be SSL
In 2014 Google Announced HTTPS/SSL sites will get SEO ranking boosts.
2014 Google I/O presentation - Google Search Developers disussing https
2016 Share Pesentation
Thao Tran, Global Product Partnerships, Google states that https is really the new web standard. It is at the very end of the video.
Also in 2014 Matt Cutts of Google said he would like to see google give a ranking benefit to sites who use SSL
Well it is now 2017 and it has happened.
How to convert to HTTPS
1. Get the new SSL certificate - This can either be a paid SSL cert of a free one from Let's Encrypt
2. Install the SSL Certificate on you webserver - This is typically done by your web hosting company
3. Force your site over to display through SSL - This means your site can only be accessed through SSL
How to do this in Joomla
How to do this in wordpress
4. Look for any errors that stop your site from getting the green padlock
Typically images or other embedded information that is called and viewed using http
Can also be CSS or JS pages that break when loaded via SSL
5. Update your settings in Google Analytics
6. Update your settings in Google Search Console