HTTP vs. HTTPS: What’s the Difference and Why Should You Care?

You may have heard people urging you to switch your website to the HTTPS security encryption. They cite Google’s announcement that HTTPS is a ranking signal and that failure to switch could mean your ranking will take a hit.

And that would mean less traffic and less business.

But, can a product that costs around $100 per year really make that much of a difference? And if so, how straightforward is it to make the switch?

Let’s face it, until recently, HTTPS was really used only by ecommerce sites for their payment pages. Things can get confusing, and the question many business owners face is whether or not the hassle of switching to HTTPS is worth it.

So, let’s look at the arguments for and against. But first of all, what exactly is HTTPS?

What is HTTPS, and why do you need it?

HTTP stands for hypertext transfer protocol. It’s a protocol that allows communication between different systems. Most commonly, it is used for transferring data from a web server to a browser to view web pages.

The problem is that HTTP (note: no “s” on the end) data is not encrypted, and it can be intercepted by third parties to gather data being passed between the two systems.

This can be addressed by using a secure version called HTTPS, where the “S” stands for secure.

This involves the use of an SSL certificate — “SSL” stands for secure sockets layer — which creates a secure encrypted connection between the web server and the web browser.

Without HTTPS, any data passed is insecure. This is especially important for sites where sensitive data is passed across the connection, such as ecommerce sites that accept online card payments, or login areas that require users to enter their credentials.

What’s the process for switching to HTTPS?

If you are familiar with the backend of a website, then switching to HTTPS is fairly straightforward in practice. The basic steps are as follows.

1. Purchase an SSL certificate and a dedicated IP address from your hosting company.
2. Install and configure the SSL certificate.
3. Perform a full back-up of your site in case you need to revert back.
4. Configure any hard internal links within your website, from HTTP to HTTPS.
5. Update any code libraries, such as JavaScript, Ajax and any third-party plugins.
6. Redirect any external links you control to HTTPS, such as directory listings.
7. Update htaccess applications, such as Apache Web Server, LiteSpeed, NGinx Config and your internet services manager function (such as Windows Web Server), to redirect HTTP traffic to HTTPS.
8. If you are using a content delivery network (CDN), update your CDN’s SSL settings.
9. Implement 301 redirects on a page-by-page basis.
10. Update any links you use in marketing automation tools, such as email links.
11. Update any landing pages and paid search links.
12. Set up an HTTPS site in Google Search Console and Google Analytics.

In terms of the setup of the SSL certificate — points one and two above — this is fairly straightforward, and your hosting company will be able to assist you.

Also bear in mind that for a small website this will be fairly straightforward, as some of the above points won’t apply in scenarios such as code libraries and CDNs. However, for a larger site, this is hardly a non-trivial event and should be managed by an experienced webmaster.

Source: entrepreneur.com