HTTP vs HTTPS – What it means to your website

Another day and yet another thing we need to be addressing to help our websites appear better in Google’s results. So, what is SSL and why has Google imposed we make this change?  An SSL (Secure Socket Layer) is an encryption technology which prevents hackers from intercepting data transferred from a user’s browser to a web server.  On a website the SSL is marked by having https:// in front of the conventional www, instead of the standard http://.  Historically, it had only been deemed necessary for e-Commerce sites and websites which collect personal information.

Last year Google introduced the need for HTTPS as a lightweight factor of its algorithm in a bid to start raising awareness in online security and to encourage ‘Joe Webdesigner’ to install more SSL certs on their websites to try and make the web a safer place for your information and ensuring maximum privacy across the board.  As of the start of this year Google has already started giving a boosted page rank to those sites with HTTPS, but now they’re adjusting further for searches to look for more HTTPS pages (source Google Security Blog).

What does this mean for you?  

It means that you should, if you haven’t already, be talking to your website designer / developer and making the investment to purchase an SSL Cert for you. Yes it does take a bit of time to set up and carries an annual fee, but it will be an investment worth making.  Ensuring your customers continue to have a private connection to your site, maintained security and also that their confidence in you is not hindered is worth the money, not to mention maintaining (and in some case enhancing) your Google Ranking.  After all, it could cost you a lot more if your site’s security is breached.

Getting Secure

How do you make sure you’re doing the right thing?  Google has listed the best practices for implementing HTTPS on your site:

Use robust certs:

•Get your certificate from a reliable CA that offers technical support.

•Decide the kind of certificate you need:

•Single certificate for single secure origin (e.g. www.lilliankelly.co.uk).

•Multi-domain certificate for multiple well-known secure origins (e.g. www.lilliankelly.co.uk, cdn.lilliankelly.co.uk, lilliankelly.co.uk).

•Wildcard certificate for a secure origin with many dynamic subdomains (e.g. a.lilliankelly.co.uk, b.lilliankelly.co.uk, c.lilliankelly.co.uk).

Use server side 301 Redirects to redirect your users and search engines to the HTTPS pages.

Support HSTS by using a web server that supports HTTP Strict Transport Security (HSTS) and enable HSTS.

A little too geeky for you?

If this is all a little too over your head, don’t panic, help is always at hand.  Speak to your website designer / developer (or us) for a check if you are already complying, and if not, how you can.  It is, after all, in your benefit as well as the user’s.  Google has provided some FAQ’s on migrating to HTTPS which can be found here:

Please follow and like us: