Why It's Time For Every Business Website To Use HTTPS

How secure is your business website? If you use online banking, you may have noticed that the website address will begin with https (as ours does), which indicates that the data you enter is encrypted via SSL. But it's not become a necessity unless you run an eCommerce business and need to collect credit card or other sensitive data. So you might have been happy with a standard http address.

But it's now becoming more and more important to make the switch to https for any business website.

Google currently handles around 80% of all searches conducted in the UK on desktop and mobile. And for various reasons, they're both encouraging websites to adopt SSL, and also preparing to punish an increasing number that haven't swapped over. That mixture of benefits and potential risks will only increase in 2017, hence why we invested in moving to https a while ago.

The Benefits of Moving Businesses To HTTPS:

There are a few benefits to moving to https. Without going too far into the technical details, modern website servers and internet browsers support a new protocol called HTTP/2 which allows for faster websites. So you get a site which will load quicker and also use less server resource, due to a number of improvements which make sense if you happen to be a developer. If you're really geeky, then you can check out the standards here (only recommended if you enjoy reading about Header Compression or Multiplexing).

Speed is a known factor for ranking in Google search results, so a faster website is pretty much always a good thing. But the HTTP/2 standard is generally only supported by modern internet browsers over HTTPS. So if you're not investing in an SSL Certificate for your website and implementing encryption, it means your competitors will have a faster website, and potentially better search engine rankings (all other factors being equal, of course!).

The good news is that if you use HTTPS and HTTP/2, and you have a customer who can't connect with a modern internet browser, then they'll revert to loading the site as they always would have. So you're not excluding anyone still using an old computer and browser.

Some new features for websites are only being made available to those running https, for instance, the web push notifications you may have started seeing. Just like getting a notification on your mobile phone, websites can now pop up a message on your computer to alert you to new content, for example. That trend will continue, meaning than a non-HTTPS site will miss out on the latest technology.

Finally, Google has explicitly stated that HTTPS sites will receive a slight boost in search engine rankings. Those benefits appear to be relatively small, but could make the difference if your competitors haven't invested in a more secure website yet. And as Google is still in the early days of pushing SSL and more websites are beginning to change, the benefits will only get smaller as time goes on.  And with the switch to real-time ranking, you should see any improvements shortly after the move.

The Risks of Sticking With HTTPS:

The cost of investing in an SSL Certificate for your website and putting the necessary steps in place to switch are not massive. But no-one likes to spend more money than is needed. So what may happen if you stuck with a normal HTTP website?

Starting from January 2017, the latest version of the Chrome browser will now show a new warning if your website collects passwords or credit cards and doesn't have an SSL certificate. So if you have a login on your website, or accept any form of payments, your customers will be warned not to trust you. And Google has also stated the then long-term plan is 'to mark all http sites as non-secure'

And rather than being just marked as non-secure in text, your visitors will soon see a very obvious red warning triangle, so they won't miss the warnings.

We mentioned the benefits of switch earlier, which include speed, new features and potentially higher search rankings if you act before your competitors. Obviously if you're the last company to switch, you've already given everyone else a headstart. And it's pretty certain that any new features being developed in 2017 will focus on HTTPS if they're coming from Google.

So it's pretty certain that staying on a http:// website will potentially lead to a loss in traffic. And the same procedure is also being carried out by Apple, who are insisting all mobile applications will also use ecnrypted https by January 1, 2017.

And there may be more confusion if you only use HTTPS for login and payment pages, as Google if there are any duplicates (where you have a HTTP and HTTPS version), it's the secure version that will get indexed first and is more likely to show up in search results.

So to summarise the potential risks:

• Every visitor using Chrome will see a big red warning triangle when they visit your site
• You won't be able to use the latest and fastest website technologies
• Your site may slip in search rankings if you competitors take advantage first

The Potential Risks of HTTPS Migration:

We obviously saw the benefits of switching to a HTTPS website. But it's important to be aware of the potential risks if you're considering making the change yourself and don't want to lose your search traffic or rankings.

The first thing is to make sure you purchase the right website certificate, depending on whether you have one domain, or also need to cover subdomains. Which means knowing the difference between single domain, multi domain and wildcard certificates, and ensuring you have the right one in place, along with the right encryption level and an optimised server.

Next you'll need to ensure that the https version of your website are added to Google Search Console (both www. and non www. alternatives) along with your non-http versions, and that you have the right plan to redirect all existing traffic and links to the new website urls. That will mean using permanent 301 Redirects to automatically send existing links and visitors from the old http:// addresses to the new https:// addresses.

And then you'll need to update your robots.txt file to reflect the changes, and also point to the new https versions of your sitemaps in Google Search Console, Bing Webmaster Tools and anywhere else you're currently submitting them.

The next step would be to change as many links on your site to point to the new, correct urls as possible. That minimises the amount of redirects that you're relying on, and will also help Google to pick up on the change. As will asking anyone linking to you from other websites to update their links wherever possible.

That's quite a lot of steps to go through correctly. And we've skipped over any potential issues with displaying insecure content on the SSL-enabled pages which can cause further complications. It explains why in various studies, a huge number of websites either haven't implements HTTPS yet, or have made a mistake in setting it up.

The best way to ensure your site migration goes smoothly is to use your preferred tools to check the site before you start to make any changes. For instance, crawling the site with a tool like Screaming Frog, noting the urls and site structure, and then going back post migration to make sure everything is in place correctly. And also watching your website search rankings and traffic constantly throughout the migration period.

An alternative which will save you time and effort would be to use someone like us to host your website and ensure a smooth transition. We've implemented HTTPS for a large number of clients, and migrated our own site, which has been online and accruing links for many years. So if you're looking for Website Hosting, or Web Design, talk to us about making the switch to HTTPS at the same time, and you'll be all set for success in 2017.