What is HTTPS and Why is it Critical?
Migrating from HTTP to HTTPS is now critical. Remaining HTTP puts your SEO rankings and conversions at increasing risk as browsers crack down on non-secure sites.
What is HTTPS?
HTTP, or Hyper Text Transfer Protocol, is the foundation of data communication online; it is the protocol over which data is sent between a user’s browser and the website they are connected to. HTTPS is the secure version; it is the HTTP protocol with a SSL (Secure Socket Layer) or TLS (Transport Layer Security), encryption layer on top of it. The all-important ‘Secure’ tells your website visitors that all communications between their browser and your website are encrypted.
HTTPS keeps information safe from hackers because the SSL / TLS layer encrypts and decrypts the information sent between servers so that no one in-between can read it.
What types of businesses need to switch their websites to HTTPS?
It is absolutely imperative that websites receiving ANY sensitive information such as emails or passwords migrate to HTTPS. This is especially important for any businesses conducting online transactions such as ecommerce businesses.
Google representatives recommended that all websites should be secure by default. Over half of page one Google results are now HTTPS and the data trend suggests that 65% of page one results could be HTTPS by the end of 2017.
Why do you need to switch your website to HTTPS?
Browsers now mark pages as not secure.
Browsers such as Chrome, Firefox and Internet Explorer are getting increasingly tougher on non-secure connections. If a user is on a secure connection, the browser now displays a padlock icon in the address bar to let the user know their connection is secure:
The green padlock indicates trust to website visitors – whether they understand HTTPS or not. Those that know the true meaning of the green padlock know that their data is safe from hackers and that you are a registered business. To users that don’t understand HTTPS, the green padlock implies it’s a legitimate website. Either way, the padlock instills or reinforces trust in your website so your customers will feel safer converting.
If a user is on a non-secure connection, the user is provided with a warning:
This warning can be enough to cause users to question the safety of their information and abandon the conversion, especially when credit card details are involved.
Chrome believes that passwords and credit cards aren’t the only types of data that should be private. From October 2017, if you have forms, login fields and any other info fields on HTTP websites, Chrome is going to alert your users. When you click in to a form field on a non-secure website, the URL bar will change from showing nothing, to showing ‘Not secure’:https://www.onlineassetpartners.co.nz/http-search.gif
Chrome has also recognized that when users browse in ‘incognito mode’, they expect their data is going to be secure. Chrome will therefore show this warning on all pages when a user visits in incognito mode. They plan to eventually show the ‘Not secure” warning on all HTTP pages even outside of ‘incognito mode’.
Browsers disabling automatic credit card filling.
In some cases, users receive warnings at the most crucial point in the ecommerce conversion path, which can have catastrophic effects on conversions. As well as showing ‘Not secure’ in the URL bar, Chrome is also disabling automatic credit card filling on non-secure connections, making users think twice before finishing the final step and often pushing them to abandon the purchase.
The credit card form pictured below follows all the recommended best practices of Conversion Rate Optimisation, from illustrating the form is (apparently) secure with logos below and to the right of the form to instill trust, to showing points of difference which increase motivation right when the user really needs it. Unfortunately, no matter how great their points of difference are, in most cases they won’t counteract the damage Chrome’s warning does, stating ‘Automatic credit card filling is disabled because this form does not use a secure connection.’
2. Safety of information
Your customer’s information, such as their credit card details, will be encrypted and therefore cannot be intercepted by hackers.
3. SEO rankings
HTTPS is a ranking signal for SEO. Google prefers trusted sites so changing to HTTPS can give you a slight increase in rankings over time. Additionally, now that over half of page one Google results are HTTPS, Google may look to ramp up the importance of HTTPS in their ranking algorithm. It would be wise to migrate to HTTPS before this happens to avoid a drop in rankings.
4. Analytics tracking
When an HTTPS website sends traffic to your HTTP website, it will show as ‘direct’ traffic in your Analytics. Once you change to HTTPS, you will be able to see the websites referral traffic is coming from.
Are there risks involved in moving to HTTPS?
Yes, any significant change to your site-wide URL introduces risk, especially if you have a large website. Switching to HTTPS incorrectly can hurt your site and decrease your SEO rank and traffic.
There are a lot of complicated steps involved in changing to HTTPS so most websites run into issues. 50% of websites that make the switch have mixed content issues which occur when some elements on your website are not secured with HTTPS such as images or links. This can result in security issues and your customers receiving warnings about loading unsafe content which is often enough to make them abort.
Over half of all websites that switch to HTTPS have link issues, such as internal links on an HTTPS site linking to HTTP pages, or HTTP URLs remaining in your sitemap which misleads search engines and can result in an incomplete crawling of your website.
Many websites see certificate mistakes and server issues.
It is critical that you make the switch to HTTPS as soon as possible to avoid losing valuable traffic and conversions. HTTPS will ensure the best possible performance the web offers, allow you to use new features which are too sensitive for HTTP and most importantly, will instill enough trust for your customers to hand over private information.
While there are risks involved in remaining HTTP, there are also risks involved in migrating to HTTPS. It is crucial you have a professional making the change to avoid losing rankings and traffic.