Up until a few years ago, I probably would have said don’t bother.
But times have changed and now it’s a good idea for ALL businesses to secure their websites with HTTPS … even if you’re not using an online shopping cart.
Let’s look at what exactly HTTPS is and how you go about implementing HTTPS on your website.
What Is HTTPS?
Short answer: If you see that little padlock in the address bar of your web browser, you’re visiting a secure website. That means the data you’re sending to or receiving from that site is encrypted.
A non-secure website has a URL beginning with “http”. But a secure website begins with “https” — where the “s” stands for “secure”.
It used to be you only needed a secure website if you were doing e-commerce with an online shopping cart and customers entered their credit card info on your site.
But now, even if your website is primarily an informational site (and you’re not selling products or services directly from your site), it’s still recommended to use HTTPS.
3 Reasons Why Your Website Needs HTTPS
1. Maintain lead generation. Starting in October 2017, the Google Chrome web browser started showing a “not secure” warning when users merely started filling out a simple contact form or entering data in search field on a non-HTTPS website. In July 2018, Google Chrome began displaying a “not secure” error on any website not using the HTTPS protocol — regardless if users were filling out a form. Bottom line, if you depend on your website generating leads and sales inquiries, your site needs to use the HTTPS protocol so users don’t freak out and abandon your site due to “non secure” warnings.
2. Improve your search engine rankings. In August 2014, Google announced that HTTPS is a ranking factor in their search algorithm. The jury’s still out as to how much of a factor HTTPS plays in your search rankings, but research suggests it’s becoming a stronger ranking factor. Just do any type of a Google search, and you’ll notice that nearly all of the page 1 results begin with an HTTPS URL. Google has also indicated that a HTTPS site can serve as a tie-breaker between two sites offering similar information.
3. Everybody’s doing it. Perhaps the most important reason to have an HTTPS site is perception. We live in a world where hacking and data breaches are everyday news, and people are concerned about online privacy and security. Even though your website isn’t collecting sensitive information, the fact that you have an HTTPS site and visitors can see the little padlock in their browser gives them comfort. And that translates to confidence and trust in your company. HTTPS is quickly becoming the norm, and even non-techie visitors are now starting to feel a little uneasy when they don’t see that padlock.
How To Install HTTPS On Your Site
There’s good news and bad news. The good news is it’s not terribly expensive or difficult to convert your site to HTTPS. The bad news is there’s more to it than just flipping a switch. As they say, some assembly is required.
There are basically 4 steps:
- You’ll need to purchase an SSL (Secure Socket Layer) certificate. Be careful not to get snookered into overpaying for an SSL certificate. A “Positive SSL” certificate (aka Domain Validation SSL) is a perfectly good choice for most websites and you can get one for less than $10/year from NameCheap or SSLs.com. UPDATE: Some web hosting companies now offer a free SSL certificate as an incentive to host your site with them.
- You’ll most likely want to hire a web developer or pay your hosting company to install the SSL certificate on your web server and configure your website. Under normal circumstances it should only cost $200-$300. Even if you have access to your web server, I wouldn’t advise trying to do this yourself and possibly screwing something up. It’s not worth your time or aggravation. Just hire a professional to do this for you.
- After your SSL certificate is installed, you’ll need to check every page of your site for “mixed content” errors. A mixed content error occurs when a web page references non-HTTPS elements. Sometimes they’re super easy to fix, other times they’re a little tricky. But if you’ve hired a professional to convert your site to HTTPS, this should be part of their service.
- You need to notify Google that you’ve converted your site to HTTPS so they can re-index your site in their search database. Don’t just sit there and wait for Google to crawl your site. Be proactive and notify Google via Google Search Console. If you’re using Google Analytics, make sure to update your settings and let them know your site is now HTTPS.
NOTE: One thing to be aware of is volatility in your search rankings after you switch your site over to HTTPS. In the short term, some of your rankings might temporarily go down or disappear altogether. This is normal. However, once Google re-indexes your site, it is common for your search rankings to return to previous levels or better.
That’s it. Moving your site to HTTPS isn’t a major undertaking if you know what to do. And for a relatively small investment, the ROI can be significant.