HTTP vs HTTPS
You might have noticed some sites have an “S” at the end of the HTTP (as in https://). What does this mean as a site visitor? What is the difference between http and https? What does this mean for business owners?
Simply put, more security. Whether you’re paying a bill online or logging into an account, when you see https (or SSL) you know your connection to this site is encrypted so hackers can’t access your data.
This actually isn’t anything new, in 2014 Google announced the migration towards https as a “lightweight” signal in ranking algorithms. Bottom line, when Google talks, websites listen (because it helps your ranking on Google).
Then, in September 2016 Google announced that starting in January 2017 Chrome would start flagging http (without the “S”) pages as potentially unsafe. This is a long-term strategy to mark all HTTP sites as non-secure. Word on the street is that it won’t be long before ALL other browsers follow suit (Mozilla Firefox, Opera, Safari, Internet Explorer, etc.). From a security perspective, it has become an inevitable “must have”.
Bottom line for businesses: within a few short years, every website will NEED to be secured through SSL, so why not make the move to HTTPS now? If you don’t, you’ll be penalized for it.
If you have the most recent version of Chrome installed (Version 56), you may have noticed that non-https sites (that collect passwords or credit card info) have a message in the location bar that says “Not Secure.” So if you have an ecommerce site or a shopping cart option, this will definitely affect you sooner rather than later.
Be forewarned (cue ominous music) – there are three parts to this process. First, Google is trying to encourage website owners to upgrade their website to HTTPS. The next Chrome version will automatically flag non-HTTPS pages as “not secure” during incognito sessions. And the last step will be when Chrome (and other browsers) will automatically label all HTTP sites as “not secure.”
How will this change affect WordPress sites?
Visitors who see your site labeled as “not secure” by Chrome might think twice about the trustworthiness of your website. They might think it means either your site has been compromised or there are some security issues with it. If you have an E-commerce site a message like that is super bad for business.
To recap, here are the major reasons you need to move your WordPress website to secure hosting (SSL or HTTPS):
- SEARCHABILITY — When Google talks, you listen. Moving your site to HTTPS means you’ll get a little extra SEO love from Google, which means you’ll rank better.
- SECURITY — SSL protects both the data on your site and its visitors by encrypting data transferred over the web (think forms and credit card info).
- E-COMMERCE / ONLINE SHOPPING —If you accept payments on your website, SSL is a non-negotiable and must be used for both membership and E-commerce sites.
- AFFORDABILITY — Like every other technology, SSL certificates used to be expensive. But with the growing demand for online security, it’s now quite affordable, not to mention mandatory.
What to do if your site is not HTTPS
If you haven’t yet transitioned over to HTTPS, and you don’t understand HTTP vs HTTPS, start by speaking to your webmaster. They can switch you over to HTTPS. Note: some web hosts offer SSL for free while others have a small fee.
Implementing these changes and upgrades might seem easy enough, but there’s a lot more to it than just upgrading your hosting plan. You may also need to make changes to uploaded content to get that green light from the browsers that your website is fully secure.
Already got SSL on your site? Congratulations! You’re ahead of the curve. But if you don’t, this is serious business and we highly recommend that this become a priority item. So let’s talk. Like, yesterday.