Why all sites now require SSL (https)
SSL stands for “secure sockets layer” and is a form of website security which creates a secure encrypted connection between a user’s web browser and the web server hosting the site.
What is HTTPS?
Secure Sockets Layer (SSL) was the most widely deployed cryptographic protocol to provide security over internet communications before it was preceded by TLS (Transport Layer Security) in 1999. Despite the deprecation of the SSL protocol and the adoption of TLS in its place, most people still refer to this type of technology as ‘SSL’.
SSL provides a secure channel between two machines or devices operating over the internet or an internal network. One common example is when SSL is used to secure internet communication which turns a website’s address from HTTP to HTTPS, the ‘S’ standing for ‘secure’.
We recommend that all websites are protected by some form of SSL, even those which are not ecommerce, transactional or capturing user data because there are a number of other important benefits including;
The benefits of HTTPS
One of the main benefits of HTTPS is that it adds security and trust. It protects users against man-in-the-middle (MitM) attacks that can be launched from compromised or insecure networks. Hackers can use such techniques to steal your customer’s sensitive information.
Implementing SSL secures any data transmitted between server and browser during a users session interacting with your site. This is a key component in the realms of data protection and especially the new GDPR legislation surrounding protecting personal data.
The green padlock which appears on a secured site can give customers peace of mind that your website can be trusted and their information is safe, this can lead to increased conversion and loyalty.
The SEO / search value
If your domain has the letters https in front of the www, then your site will have a clear advantage over those that are stuck with the old http. This fact comes directly from Google. Back in 2015, Gary Illyes revealed that if two web pages are equal in other respects, the Google search engine will always prefer those that are Hypertext Transfer Protocol Secure (HTTPS). Evidence from Mozcast bears that out. Between January and October last year, the number of sites that appeared in the top slot of Google searches that were https compliant rose from 25% to 40%.
The reason why the Google algorithm increasingly prefers https is that the company wants to prioritise secure websites. In fact, Google has been open about its desire to ensure that one day the whole web is secure, including sites that are not handling sensitive information. The Google Chrome update 56 that came out in January 2017 is another step towards this goal. Since this update was rolled out, Chrome users have started to receive security warnings every time they access a site served by http and not https. Over the next few months, Google’s preference for https is likely to severely disadvantage http sites.
There is another important advantage in switching to HTTPS. No serious modern business can afford to overlook mobile technology. Making sure that your site is mobile-friendly by considering such factors as page loading speed, is as crucial to success in the modern marketplace as employing the latest in SEO strategy.
Google’s Accelerated Mobile Pages (AMP) is becoming an increasingly important part of optimising your domain for smartphones. Google created AMP to help to speed up loading times on mobile devices, and AMP content tends to appear more prominently in search results, but it can only work with sites that are served by https. This is also increasingly the case for the new generation of browsers and progressive web apps, which are designed with https in mind and won’t be effective with http.
Should you switch
It is likely that at some point, site owners will be left with little option but to switch to HTTPS, and getting ahead of the curve by switching now could give your site a significant advantage.