HTTPS might be the most important thing on the internet that you’re unfamiliar with. What is it? HTTPS is a secure version of how you access websites by adding a layer of encryption. With regular HTTP, the data that is sent between your computer and a website is not encrypted and anyone can read it if it is intercepted. HTTPS means that all the data moving back and forth between you and a website is encrypted.
Most major websites are already using HTTPS. Visit any of your favorite websites, and look up in your URL bar. You probably see a green lock. That means the site is using HTTPS. In fact, more than half the web is now encrypted.
With major hacks happening all the time (equifax being the latest example) it is more important than ever to encrypt as much of your data as possible. If you’re interested in the nitty gritty technical details, this post is a great primer.
Why Does my Site need to be HTTPS?
Now that you know what HTTPS is, you should know why you need to move your site over to it. The first and most important reason is that it secures your visitor’s data. You’re showing your visitors that you value their privacy and security, and they are more likely to trust you when they know you value their security.
Second, Google uses HTTPS as a ranking signal. This means that being HTTPS helps your Google rankings. They have been using it as a signal since 2014, and it has only become more important since the original announcement.
Finally, web browsers are going to start giving warnings to potential visitors that your website is not secure. This change is going to start happening this year. These warnings are big, and they will be devastating to websites, which is the point. The major internet companies want a more secure web, and they are going to severely punish companies that don’t get up to speed on security.
How do I setup HTTPS?
Now that you know what it is and why it’s important, it’s time to get your website moved over to HTTPS. Getting it setup requires getting a security certificate. The good news is that while security certificates used to cost money, you can now get strong security certificates for free from Let’s Encrypt, which is a public group sponsored by big companies and organizations like the Electronic Frontier Foundation, Mozilla, Facebook, Cisco, and others.
The easiest way to setup HTTPS is to ask your IT team or webmaster to do it for you. If you have a technical professional managing your website, they can set the security certificate up for you. You can also pay an outside firm to set it up for you.
The next best way to get it setup is to have your hosting provider do it for you. Many large web hosts support Let’s Encrypt certificates, making it extremely easy to set up. The Electronic Frontier Foundation keeps a list of hosting companies that support these certificates.
The final method is to install it yourself. Unless you’re familiar with command line server administration, this is not recommended as you run the risk of destroying your website. If you’re interested in doing it this way, the EFF’s CertBot is the way to go.
There has never been a better time to move your website over to HTTPS. It helps protect your visitors, it boosts your search engine rankings, and it is the future of the web. At some point in the future, HTTPS will be a requirement. While over 50% of the web is encrypted, the vast majority of small to mid-size companies have not yet taken advantage of it. By adopting HTTPS now, you can be ahead of the curve.