The data to and from most websites is not secure and can be intercepted. For most websites this is not a problem, but for sites that use sensitive data we want to make sure that it can’t be intercepted.
Most of us nowadays use e-commerce sites to order goods online and will be familiar with the “lock” symbol that indicates the site (or at least the part where your credit card details are entered) is secure. The data is secure because it is encrypted as it is captured, so if it is intercepted in transmission the data cannot be read. In order to encrypt the data the site must use the HTTPS protocol, which requires an SSL certificate.
Why is this relevant to me? I hear you ask. You may be thinking that because you don’t have an e-commerce site this article isn’t relevant, similarly, if you are running an e-commerce site where your payment gateway already uses HTTPS.
Either way, I would encourage you to read on…
Since 2014 Google has been giving a search engine ranking boost to sites that have a valid security certificate. The impact of this boost is small in comparison with other ranking factors, particularly high-quality content, but Google is now placing more emphasis on them and site-wide security certificates are now becoming more prevalent.
Google is keen to make the internet a safer place and is encouraging website owners to adopt HTTPS, so for that reason alone moving to HTTPS is something that all website owners need to consider.
A recent study of over 1 million websites found 33% of the sites ranked in the top three used HTTPS.
However, there is another reason to consider HTTPS and that is to provide a more secure site for your visitors, which helps to build trust – an important factor in converting a visitor into a customer.
Using HTTPS will ensure that any personal data entered via forms will be protected along with any passwords used, which in turn helps protect your site against hacking and scamming.
In order to use HTTPS on a website you require a security certificate, (known as an SSL Certificate) that has been validated by a Certificate Authority. The cost of a certificate ranges from free to several hundred pounds, usually dependant on the level of validation and the type of certificate.
So should you rush to move to HTTPS? We would recommend that all website owners consider applying it site wide, but you should also be mindful of the pitfalls.
Google treats the move from HTTP to HTTPS as a new site, which can result in a temporary loss of ranking. Similarly, inbound links to you site will change and you may lose some of the social proof. However, most of the downside issues can be addressed.
Here at Vizulate we are starting to build all new websites with a security certificate, starting with a free domain-validated certificate and going to paid-for organisation validated certificates for most e-commerce sites.
So our advice is to think about your search engine rankings and your visitors’ data and consider if improving site security will help you build trust and increase conversations. If the answer is yes, then we are here to help.
The Technical Stuff
HTTPS is the encrypted version of HTTP (HyperText Transfer Protocol), which is the basis of data transport between web browsers and web servers. HTTPS requires an SSL certificate (SSL stands for Secure Sockets Layer but often refers to the newer TLS protocol), which is issued by a Certificate Authority. CAs validate certificates at domain level (usually free certificates), organisation level and extended level, which result in different type of certificate being issued.