If you have ever typed in a URL, you may have noticed those letters that spontaneously appear in front of the www that you pounded out on cruise control. Did you ever ask yourself what they mean? Well, those acronyms can have a major impact on the safety and performance of your website and, based on recent studies, can drastically impact your business.
HTTP stands for Hyper Text Transfer Protocol and it simply allows for communication between two systems, such as a browser and a server. HTTP does not consider the kind of data being shared nor who is viewing the data; it simply shares the data, no questions asked. This makes it very simple for someone to capture all of the data that you have been viewing or entering on a site using HTTP system. For sites that are just informational, this may not cause a problem, but if your site is set up for ecommerce or if it requests visitors to submit personal information, this could be a huge security issue.
HTTPS is simply a secure HTTP. Through the use of an SSL certificate, an HTTPS is able to take all the information that is being transferred between two systems and encrypt it, making it much more difficult for a third party to intercept and translate it. HTTPS achieves this by using a three-layer security system:
- Encryption of the exchanged data to keep it secure from third parties. That means that while users are browsing a website, nobody else can view their conversations or steal their information.
- Data integrity. Data cannot be modified or corrupted during transfer, intentionally or otherwise, without being detected.
- Authentication. This proves that your users communicate with the intended website. It protects against man-in-the-middle attacks and builds user trust, which translates into other business benefits.
There are several websites that have still waited to make the switch to HTTPS, and each of them has its own reasons. In fact, 79 out of Google’s Top 100–ranked websites still have not made the switch. Perhaps you run a site that does not share or gather personal information. While it may not be as pertinent for you to make the switch, there are still intriguing reasons for you to consider it.
As stated above, HTTPS provides an authentication process that guarantees that the user is communicating with the intended website. More and more web users are starting to recognize sites that do use an HTTPS level of security. In fact, a recent study showed that 8 out of 10 web users would abandon a purchase if they realized that a site was not using HTTPS. Whether your site offers ecommerce or not, is it worth losing customers who view your site as being untrustworthy?
Another reason to make the switch—no surprise here—has to do with Google. While 79 out of Google’s top 100 websites currently have not implemented HTTPS, four out of the top five sites on Google have already transferred over to HTTPS, with the fifth, Yelp, currently in the planning stage of making the switch. Google announced in 2014 that HTTPS would start having an effect on rankings. So far, that effect has been minimal, but with close to 30 percent of their top-ranking sites now having completed the switch, experts are predicting that Google is about to turn up the juice. After all, Google’s main priority is to serve the web user, and they can’t consciously continue sending traffic to sites that do not have a basic level of security. The switch to HTTPS can be complicated, especially for larger sites, so most people believe that Google is simply giving everyone some added time to complete the switch before they start punishing rankings.
Now, HTTPS will not solve all of your security issues. For instance, an HTTPS will not prevent your site from getting hacked; that would require the implementation of a firewall and security updates. Rather, HTTPS is the minimum amount of security that you should be offering to visitors to your site, and it can reassure them that your site is safe and trustworthy.
Switching from HTTP to HTTPS is not as simple as just flicking a switch—there is a substantial amount of programming involved. In fact, Wired.com, a well-known IT news site, recently took on the process of converting from HTTP to HTTPS. Two weeks in, they had to stop and completely reorganize their schedule. Our point is that if the largest IT site on the web has trouble with this kind of switch, chances are the average person with a CMS[NZ1] could make a real disaster of it. Improper implementation of a HTTPS system could potentially result in damage to your rankings as well. If you are considering the switch, plan ahead, and be sure to go with a trusted web developer who can execute it properly.
Xynergy has converted several websites, large and small, from HTTP to HTTPS. If this is something you feel that your website would benefit from, please request a quote and one of our developers will contact you.