You might notice when you visit a website, the web address starts with either http:// or https://. You might ask, what is the difference, and why is it important to my website? You might be surprised to learn that your site can benefit by using HTTPS.
What is HTTPS?
Hyper Text Transfer Protocol Secure (HTTPS) is the secure version of HTTP (Hyper Text Transfer Protocol), which is essentially how data is sent between your web browser and the website you are connected to. The "S" at the end of HTTPS stands for "Secure." It ensures that the data cannot be seen or manipulated as it transmits across the public Internet.
Why do I need HTTPS?
For many years, HTTPS has been used to secure credit card transactions across the Internet. E-commerce sites were the first adopters of using HTTPS. However, it’s not just e-commerce sites that should be using HTTPS any longer. In fact, Google has promoted the use of HTTPS to make the web a safer place.
Google urged all websites to use HTTPS by using it as one of the criteria for their algorithm that determines search result rankings. Websites that do not use HTTPS are penalized by Google, which could cause them to rank lower on results pages. Google Chrome users will start to see websites marked as "not secure" when they do not have HTTPS. Because of these updates from Google, along with providing added security for your site visitors, it’s recommended that all websites use HTTPS.
How does HTTPS work?
HTTPS takes the common HTTP protocol and simply layers an SSL (Secure Socket Layer) encryption layer on top of it. Servers and web browsers still speak exactly the same HTTP language to each other, but now over a secure connection that encrypts and decrypts their requests and responses. Each website that uses HTTPS has a unique digital signature known as an SSL certificate to ensure the communication is secure. This certificate also contains the identity of the website owner to ensure the website is legitimate.
What does my website need to support HTTPS?
To enable HTTPS on your website, you’ll need an SSL Certificate. But before you can do that, there are a few steps you must go through:
Unique IP address
The first step is your website must have a unique IP address. If you are on a shared-hosting plan, it’s very common that you also share an IP address with other sites. Each SSL certificate requires a unique IP address, so you’ll need to check with your hosting provider to ensure that you can obtain a unique IP address for your website.
SSL certificate
Next, you must obtain a SSL Certificate from a Certificate Authority. A Certificate Authority is a trusted organization that verifies a digital entity's identity on the Internet. There are several types of SSL Certificates:
- Domain Validation (DV)
- Organization Validation (OV)
- Extended Validation (EV)
For a typical website, a DV certificate is adequate and will prove that the domain or URL has been validated. An OV certificate proves that the organization that owns the website is who it says it is. The EV certificate requires a more stringent vetting process of the organization and should be used where the most trust is needed, such as an online-banking or e-commerce website.
How do I obtain a certificate?
Your web-hosting provider can obtain or purchase the certificate from a Certificate Authority. Since part of the process is to ensure the identity of the server, it might be easier for someone who has direct access to the server to accomplish this. Not all certificates need to be purchased. In fact, free certificates can be obtained from LetsEncrypt.org. Your hosting provider or web developer can install the certificate, but they will need your help to approve the certificate and to verify your organization’s identity.
The SSL certificate is installed. What's next?
Once the SSL certificate is installed and configured on your web server you can use HTTPS on your website. To make it even more effective, you’ll need to ensure that all of the page URLs on your website use HTTPS instead of HTTP. Adding a redirect to your website is the best way to accomplish this. If someone tries to access the site using HTTP, your website should automatically redirect them to the same page using HTTPS. Also, your web developer should ensure that all JavaScript libraries and style sheets also are using HTTPS in the coding of your website.
Now when you visit your site, you should see the magic word "Secure."
Lastly, don’t forget to update your URLs on all of your social profiles to link to your website using HTTPS. Even if you have a redirect in place, this is a best practice we recommend. With an SSL Certificate installed and all of your site visitors using HTTPS, you have done your part to improve the security of the World Wide Web.
If you need help making sure your website is secure, we would love to talk with you. Let's connect and talk about how we can help improve your website.