‘Do I need HTTPS for my website?’ is a question we’ve gotten a lot since Google declared 2/3 of websites to be insecure in January of 2017. Not since “mobile-ageddon” has Google penalized so many websites in one fell swoop. During mobile-ageddon, Google started penalizing websites if they weren’t mobile-responsive. Now, Google is doing the same thing with security.
In January of 2017, they declared any website that isn’t using the HTTPS protocol “insecure,” and started penalizing certain types of insecure websites in search rankings.
Do I Need HTTPS For My Website? Yes, You Probably Do
If you’re still on the fence about whether you should make the switch from HTTP to HTTPS, you should definitely consider making the switch. Since Google’s decision at the beginning of 2017, we’ve been tracking just some of the negative effects of this decision on the millions of websites still using HTTP.
Below we’ve collected some of our findings.
Some Supposedly Secure Websites Still Aren’t Secure
In order to have a secure website with HTTPS, as opposed to HTTP, you need what’s called an SSL certificate. This is basically an add-on to your website’s code that validates your website as secure. Unfortunately, because certain companies weren’t issuing valid SSL certificates before 2017, some website owners may find that they have an HTTPS website with an SSL certificate, but are still labeled “insecure” by Google. Recently, for example, Symantec was found to have improperly validated over 30,000 SSL certificates. Bottom line: even though you installed an SSL certificate on your site, you may find yourself penalized by Google. If you have HTTPS and have been penalized by Google, find a qualified web specialist to test your site.
Transitioning From HTTP to HTTPS Is a Bit of a Doing
If you have an existing website that is HTTP and need to transition to HTTPS, there is more involved than just installing a certificate. You have to change all of the links in your website to HTTPS, need to make sure you’re installing a valid SSL certificate, and need to test your website to make sure you don’t have an insecure content to get the coveted “green lock” symbol from Google Chrome saying your website is secure. Bottom line: trying to transition your website to HTTPS by yourself may not be advisable unless you’re a web developer. Consider hiring one to save yourself the trouble of doing a lot of work and ending up with poor results.
Consumer Confidence Is a Major Factor to Consider, Especially if You Are Doing E-Commerce
The threshold is now much lower for Google penalties relating to HTTP, including browsers like Google Chrome and Firefox shutting website visitors out of your site entirely until they agree to a very scary-looking “security exception.” This is magnified if you are doing any kind of e-commerce or if you are storing any kind of secure information on your website (i.e. user account information, passwords, customer order records, etc.). Bottom line: because the threshold is much lower for being penalized, and because many online users look for the green lock symbol before making a purchase or entering any kind of personal information, websites that don’t have valid HTTPS are risking alienating their customers.
So, Long Story Short: You Should Definitely Consider Making the Switch to HTTPS.
There is simply no reason not to, especially after we’ve seen a variety of negative effects play out since the beginning of 2017. The answer to the question ‘Do I need HTTPS for my website’ is an unqualified: ‘yes.’
To Learn More About Why You Should Make the Switch From HTTP to HTTPS, Check Out Some of Our Other Recent Articles on This Topic
- Do I Need an SSL Certificate on My WordPress Website?
- 3 Tips for Converting Your WordPress Website to SSL for Free
- Keeping WordPress Secure: 4 Things Everyone Should Do