HTTP vs HTTPS: What’s the Difference?

HTTP vs HTTPS: What’s the Difference? - Image #1

2018 was the year that Google got series about HTTPS and began labelling sites that didn’t have HTTPS enabled as ‘Not Secure’ with the release of Chrome68. As a result, no website owner can ignore the need to have HTTPS enabled because now it directly affects your website’s ranking on Google.

Having your site labelled is ‘Not Secure’ on a Chrome web browser can be a little problematic for traffic and not to mention, the confidence you visitors have in your business. Now, this does not mean that something is broken or wrong with your site, the labelling simply lets visitors know that your website is not secured with HTTPS. What does that mean exactly? Well, this article is going to break down what HTTPS truly is and why your site needs it.

What is HTTPS and why is it a necessity?

HTTP is an acronym for hypertext transfer protocol. It is a protocol that makes allowance for communication between servers. Commonly used for the transference of data across the web to your browser.

When you type a URL in your browser’s URL bar and hit enter a protocol is set to the server where that website is hosted asking for the information you are requesting to be sent back which happens in seconds. Notice we’ve been talking about HTTP minus the ‘s’ and we’re about to discuss why that S is so important. In the past, HTTPS was only used for e-commerce websites to ensure that all data was sent across a protocol that was encrypted. This enables sensitive data and the financial information was given in confidence by shoppers to be sent privately and securely over the internet.

The problem with using HTTP lies with the S missing. The S stands for secure. Without the S information is being sent without any encryption and therefore can be intercepted by anyone.

Using HTTPS mitigates the problem of having data snatched unwittingly by preying eyes watching the communication between two servers. HTTPS is possible via SSL Certificates. Without HTTPS the data passing from your website to a visitor’s browser is insecure and at risk for security breaches. This is especially pertinent for e-commerce sites, as we’ve mention, which accepts financial data and confidential information from visitors and or shoppers, membership sites that use login credentials and so on. However, thanks to Google, it is mandatory that all sites use HTTPS in order to continue to rank in Google search results, maintain great SEO and not have their site labelled as ‘Not Secure’.

 New Labelling of Website’s by Google Chrome

In years prior Google Chrome labelled websites that used HTTPS with a green bar that said ‘Secure’ with a lock icon and insecure sites had no labelling. Since Chrome 69 however, Google proposed to remove the green bar and the word ‘Secure’ but opted to keep the lock icon in place to mark all HTTPS sites as being the default. They then proposed to block all HTTP sites and mark it with a red warning and ‘Not Secure’.

Now after Chrome 70 websites that have the default security of HTTPS are marked with a lock icon only and websites that use HTTP are simply marked with ‘Not Secure’. However, if a user visits a site with HTTP and they are prompted to enter login information or any sensitive data Chrome gives a strong red warning that flashes ‘Not Secure’ with the hazard icon. Millions of internet users use Chrome and therefore Google has made it mandatory that sites use the default setting of HTTPS. This is a mandate that Google has decided to run in order to keep the internet more secure for users and website owners.

The Process for Switching to HTTPS

Enabling SSL Certificates is fairly easy and can be done by following a few steps. However, if you find that you are not particularly tech-savvy or familiar with the backend of websites then simply contact Technical Support at your trusted web hosting provider if you run into issues.

  1. Begin by purchasing an SSL Certificate with a dedicated IP from your hosting provider.
  2. Complete the installation and configuration of the SSL Certificate.
  3. In the event that you run into issues, perform a complete Back-up of your website in case you have to revert to the old settings.
  4. Manually configure any hard internal links on your website from HTTP to HTTPS.
  5. Update your code libraries: JavaScript, Ajax and all third-party plugins.
  6. Redirect any controlled external links to HTTPS, such as directory listings.
  7. Update your htaccess applications: Apache Web Server, LiteSpeed, NGinx Config and your internet services manager function (i.e. Windows Web Server), to redirect HTTP traffic to HTTPS.
  8. If you are using a content delivery network (CDN) then update your CDN’s SSL settings.
  9. Implement 301 redirects on a page-by-page basis.
  10. Update any links you use in e-marketing automation tools, i.e. email links.
  11. Update any landing pages and your paid search links.
  12. Finally set up an HTTPS site in Google Search Console and Google Analytics.

For setting up your SSL Certificate you can refer to points 1 and 2 but beyond that your hosting provider will be able to help you install and configure it successfully.

A point of note about the above steps is that this is more instructional for larger websites that use code libraries and CNDs but smaller websites will have a more straightforward experience. In fact, some smaller websites may have SSL Certificates included with their shared hosting plan.

The Case for Switching to HTTPS

The most important reason is that HTTPS is safe and secure and HTTP is insecure. It all boils down to a matter of trust. You want your visitors to have trust in your website’s reputation. Especially now that Chrome users will see a ‘Not Secure’ when they visit a website that doesn’t have HTTPS enabled. Making your website secure with HTTPS is the least you can do for your users. It is the bare minimum in security. Especially if you’re using content management system (CMS) like WordPress then your site should be secured with an SSL Certificate.

While HTTPS will make your website more secure it is not the ultimate in internet and web security. It will not prevent hackers or cybercriminals, it won’t prevent phishing scams or any of the like but it will ensure that data is passed secured and encrypted through the internet. Another major case factor is your website’s SEO Ranking. In order to stay within good ranking status on Google, you must have HTTPS enabled.

In the End

Investing in HTTPS powered by SSL Certificates is the best thing you can do for your website going forward. We’ve outlined all the major reasons why you should make the logical switch from HTTP to HTTPS but we will recap just to make sure we’re all on the same page.

Reasons to Switch:

  • Google will label your website in Chrome as ‘Not Secure’. You can find this information next to your domain name in the browser. This can lead to low traffic and abandonment by visitors. It can also hurt your reputation as being a reliable authority.
  • HTTPS has a direct correlation with SEO Ranking, especially with Google search results.
  • If you have an e-commerce site it is absolutely compulsory to enable HTTPS when dealing with financial and confidential information from your users.
  • Your website will go from being insecure about being secure.
  • It is the baseline in internet security.
  • Ensures that data is passing from your server to your visitor’s browser completely encrypted from internet snoops.

Using HTTPS is the only way moving forward in your website’s future so make sure you make the switch today.