HTTP vs HTTPS
For years now, Google has been trying push website owners to implement SLL on their websites. They have gradually made changes to the search engine and Chrome to promote HTTPS connections, but let’s clear up the difference between HTTPS and HTTPS first.
What is HTTP and HTTPS?
HTTP is short for Hyper Text Transfer Protocol, which is a protocol to transfer hypertext, basically websites, from a server to a client, like your browser. But the downside here is that HTTP has no security whatsoever, therefore third parties can intercept the data you receive or send back to the server. This is of course a big issue if you must enter sensitive information on that website, like your credit card or social security, but in general the community guidelines suggest that you implement SSL for any kind of text input on a website, such as login fields, search and contact forms. Here, it would be practical so have something more secure, hence HTTPS.
The S at the end of HTTPS stands for “Secure”, that means the transfer protocol of HTTPS is encrypted, which adds a layer of security to your data, and makes it harder to intercept or manipulate. It’s important to point out that implementing SSL only protects data transfers, not the actual website, which can still be hacked. Security issues, such as this one, have been in the spotlight, especially in the recent past with the numerous global cyberattacks in the past year. Luckily, it is becoming standard practice to implement SSL in the past few years, and Google has been a major contributing factor during this time.
Googles fight for HTTPS
Since 2014 Google has, slowly but surely, promoted SSL implementation on websites. Starting with the SEO bump for HTTPS sites back in 2014 and up till the upcoming warning for form input over HTTP in October 2017, with some more noticeable changes through the years, such as adding a “Not secure” box next to the URL, instead of only showing the neutral icon, and the full screen “Connection is not private” warning when trying to access HTTPS links to sites that do not have SSL implemented.
Why should you implement SSL and how to do it?
If you weren’t convinced to make the switch from the data protection pitch, as mentioned earlier, Google gives better rankings to HTTPS site and have been and still are gradually penalizing HTTP sites. You should also consider that it’s a fact that HTTPS sites load significantly faster and if you want to make sure that is true, you can test it out on your own devices to compare or go to www.httpvshttps.com.
To implement SSL you need to first get your hands on an SSL certificate from a Certificate Authority (CA). There are many CA’s out there, some are free, such as LetsEncrypt, and some are paid for, such as RapidSSL and Comodo. There are a few differences between free and paid SSL, but the major difference is that free SSL certificates only allow domain validation, whereas paid SSL certificates have the provision for Organization Validation and Extended Validation, appropriate for larger businesses and companies. Many hosting providers offer free SSL certificates through various free CA’s with a one-click installation, others allow you to get a certificate elsewhere and then install it on your hosting service, often their support can even help you implement your certificate.
Whether you’re a business owner, a company or a large corporation, implementing SSL is a step in the right direction, even if no sensitive data going through your site, it’s the leading standard for secure sites. Google will most definitely further penalize HTTP sites in the future, so make sure your users know you value their privacy.