Switching From HTTP to HTTPS (For Free): Why it’s Important for Your Website + How To Do It!
First and foremost, let me explain exactly what HTTP & HTTPS is….(that may help a little, huh?)
HTTP: Hypertext Transfer Protocol
HTTPS: Hypertext Transfer Protocol Secure
(Hypertext Transfer Protocol is the system that transmits & receives information across the internet…..basically it’s how the internet works)
What’s the difference between HTTP and HTTPS? Security.
Websites that are HTTPS have that cute little green padlock next to the URL in the browser’s address bar.
Besides getting a green padlock…
What does HTTPS do?
It works with another protocol called SSL, which stands for Secure Sockets Layer.
If you purchased the hosting for your own website, you’ve probably seen the option to add an SSL certificate.
SSL certificates are mandatory if you’re going to be selling things directly on your website. If you’re not selling anything on your website, then you might not have heard of an SSL certificate before.
What does the SSL certificate do?
It works in conjunction with HTTPS to add a secure layer on top of your website so that data is transported safely.
“Transported safely? Why does that matter?”
Think about your credit card information, when you purchase something online….do you want that data to be handled….unsafely? Hell no.
Even if you aren’t processing credit cards or asking for sensitive information, you should still consider getting an SSL certificate & taking your website from HTTP to HTTPS.
Why is HTTPS important?
- Trust from your Users:
The world wide web is constantly evolving. Who evolves with it? Users. Even a user that might not be very technical, will still be able to notice that cute little green padlock in the browser’s address bar. They associate that padlock with security (which they totally should) and a lot of them have grown to trust websites that HAVE the green padlock, over ones that don’t.
- Extra Security:
Having HTTPS prevents tampering on your website from third parties. It also encrypts all information & data (encrypting means to encipher or encode, so that the data can only be read by the intended recipient. It’s kind of like talking in a code that no one else really understands).
- Password Protection:
If you have your users create a password for themselves on your website, for any reason at all….that password is considered sensitive information. If you don’t have HTTPS then you don’t have that extra layer that will protect that data. What if your website visitor Sandy uses the same password for your website, as she does for her online credit card accounts? (Not very smart on Sandy’s part, but hey, we’ve all done that) Website hackers are highly intelligent. They understand the typical website user’s thinking….so that’s the first thing they’ll try if they want to break into Sandy’s credit card account. (This is a huge reason why you shouldn’t use the same password for everything online)
- Increased SEO Rankings:
It’s very rare for Google to flat out tell us that something is an SEO ranking factor, but they did confirm that having HTTPS will give you a boost in search results. Security is a big deal to Google; it’s actually one of their top priorities. As of right now, making your website HTTPS won’t give you the biggest jump in SEO, but over time, it’s going to increase in importance so, eventually it will make a much bigger impact on your SEO score.
Google Says: “Carrying less weight than other signals such as high-quality content — while we give webmasters time to switch to HTTPS. We’d like to encourage all website owners to switch from HTTP to HTTPS to keep everyone safe on the web.”
Interested in increasing your WordPress SEO on your own, without hiring an agency? Check out my new ebook: The Ultimate Beginner’s Guide to WordPress SEO – The DIY non-tech guide to understanding SEO & optimizing WordPress websites for search engines
- More Accurate Analytics:
Having HTTPS on your website also makes Google Analytics information more helpful. When website traffic passes to an HTTPS website, referral information and data is preserved. When website traffic passes to a HTTP website, that traffic shows up as “Direct” which is confusing because (unlike HTTPS) the website information is stripped away and you don’t know where it’s actually coming from.
So, basically, the internet is moving towards an everyone-should-be-secure-no-matter-what type of trend, so before Google starts penalizing websites for not being HTTPS, you should consider looking into making the switch.
What’s the bad part about going HTTPS?
In a nutshell, nothing.
But some people argue that having that extra layer of protection will cause websites to be slower. Yes, that’s correct, but that’s only because it’s encrypting data. Having HTTPS typically only slows down a website by a few milliseconds….and if those few milliseconds are making or breaking your website speed, you might want to consider checking other performance issues.
Check out: How to Make Your Website Faster.
Another complaint about HTTPS is that it’s not that easy to set up & it can be expensive. Both of these can totally be true, depending on your type of website & your computer skills. SSL certificates can be purchased through your hosting company, which usually run about $60-$200 a year, or you can set up a flexible SSL certificate through a cloud DNS service, like CloudFlare. (If you’re nervous about making the switch, contact a web professional & they should be able to either walk you through it or do it for you, depending on what you need)
How to get a Flexible SSL for Free?
For Free? Hell yes, for free.
CloudFlare, the cloud DNS service I mentioned above offers free flexible SSL certificates for websites. All you have to do is sign up for their free account, follow some instructions, and wait about 24 hours.
Would you like step by step instructions on setting up CloudFlare’s flexible SSL?
Here’s an AMAZING tutorial by Jonny Jordan that walks you through literally every step to setting it all up on your WordPress website!
I actually just switched over my own website to HTTPS, using CloudFlare & Jonny’s guide. HTTPS sounds intimidating, but they make it pretty easy. The only thing that the guide left out, that left me in a loop is that it says “You have now requested a Flexible SSL Certificate from Cloudflare and will normally take around 15 minutes to issue you one. Cloudflare will tell your Flexible SSL is active by displaying a green active box below.” —- this is correct, for CLOUDFARE, but it may take your hosting/domain company longer to active it. I had to wait about 24 hours for everything to click over before I could make my website HTTPS without having an error.
After you follow the instructions on setting up HTTPS, make sure you add the HTTPS version of your website to Google Webmaster Tools and submit an HTTPS version of your sitemap. ALSO, in Google Analytics, you should change the default URL to HTTPS.
What are your thoughts? Are you going to join me in making the switch to HTTPS?!