If you have an eCommerce site it is 100% worth making the switch to https, soon it will even be essential (more on that below) if you have a non eCommerce site I would say it is still worth installing an SSL or TLS certificate and making the switch to https.
What is SSL?
SSL stands for Secure Sockets Layer, an industry standard first adopted by Netscape in 1994. Today it is still the main security technology for establishing an encrypted connection between a sites web server and a users browser. When a site has a suitable SSL certificate installed a padlock appears in the users address bar this padlock symbol assures users that data passed between the web server of the site that they are visiting and their browser will remain private and secure, it can assure the user that the site they are dealing with is legitimate and that any payment information they supply will be safe. Many online shoppers, myself included will not by from sites that don’t have https in their address bar.
Different Levels of Encryption
There are different levels of encryption and different types of SSL certificates available on the market, encryption is a mathematical process of coding and decoding information. These days a 256 bit encryption is pretty standard, 256 bit is millions of times more secure than the encryption technology was in it’s early days. In the early days of SSL encryption it was just 40 bit.
Difference Between SSL and TLS
TLS stands for Transport Layer Security, this site has a TLS 1.2 connection. TLS has taken over from SSL, according to this blog post on the mozilla blog a vulnerability known as POODLE meant that SSL version 3.0 was no longer secure. POODLE meant that information such as cookies could be stolen and so a better level of encryption was required.
TLS versions 1.1 and 1.2 have fixed many of the vulnerabilities found in SSL 3.0, this means better security for websites and their users. Whether or not your website will be able to establish secure TLS or even SSL connections depends on your webserver, if you are looking for a new web host you will want to consider one that can offer TLS as SSL is now a bit old skool but still used by the majority of sites displaying https. To be really future proof, up to date and speedy you will want to find a host that supports HTTP 2.
What is HTTP 2?
HTTP stands for Hypertext Transfer Protocol, for the first time since 1999 a new version of the protocol which dictates how webservers interact with browsers has been developed. Back to TLS, TLS requires a webserver which has been FIPS 140-2 validated. In addition, the cryptomodule must be installed, configured and operated in either an approved or an allowed mode to provide a high degree of certainty that the FIPS 140-2 validated cryptomodule is providing the expected security services in the expected manner, if your a geek you can more on that here.
HTTPS for SEO
Google loves https so much that they have made it a ranking factor, in a not so recent blog post Google said HTTPS is a ranking signal. When Google released that post they said it was only a lightweight signal but most people like to do whatever they can to get a little ranking boost so by not having https in the users address you are probably in a bit of a minority. Moving to https certainly won’t have a negative impact on your rankings, I have switched my site to https and would recommend you do too. As Tesco say, “every little helps”.
HTTPS and Google Chrome
Another shockwave from Google can be found here, in that blog post Google said, “To help users browse the web safely, Chrome indicates connection security with an icon in the address bar. Historically, Chrome has not explicitly labelled HTTP connections as non-secure. Beginning in January 2017 (Chrome 56), we’ll mark HTTP sites that transmit passwords or credit cards as non-secure, as part of a long-term plan to mark all HTTP sites as non-secure.” So their long-term plan is to eradicate all http sites and now is the perfect time to make the switch.
To summarise, you should switch to https even if you don’t have an eCommerce site because:
- Visitors to your site will trust it more.
- Some visitors to your site will see you as a more legitimate company.
- Google use it as a ranking factor.
- Google have a long-term plan to mark all HTTP sites as non-secure.
Is it worth switching to https? I think yes, leave your thoughts below.