If you’ve seen recent discussions online about the pros and cons of HTTP vs HTTPS and you host a WordPress website, you might be wondering: do I need to make the switch? The short answer is: yes. Google has begun rewarding websites for making the switch from unencrypted to encrypted addresses. It has also begun to mark websites that accept sensitive information like credit card info, but who don’t have an encrypted address, as potentially dangerous to users.
HTTP vs HTTPS: What’s the Difference?
When a website serves information to a user using a website address that is HTTP, third parties can view that information. The information is unencrypted and therefore accessible to anyone with the right technological expertise. A website using HTTPS, however, is encrypted, meaning no third parties can view any information that the user inputs into the website. Websites prove that their information is encrypted by utilizing a Secured Sockets Layer or SSL certificate that tells web browsers the website is secure.
When Did Google Start Marking Websites as Unsafe?
Google has been talking about penalizing unencrypted websites since 2014, but they just made SSL mandatory for all websites in January of 2017.
How Is Google Penalizing Websites?
Though Google doesn’t release every factor that their search engine uses when determining the credibility of a website, here’s what we know:
- Websites that use any kind of password login form, ecommerce (i.e. buying and selling) feature, or credit card form will be marked as “unsafe” unless they use HTTPS.
- Websites that don’t ask for passwords, credit card info, or utilize ecommerce, will still be marked as “unsecure” unless they use HTTPS.
- Once websites are marked as unsafe or unsecure, they will begin to lose their position in search results to websites that are secure.
How Does This Affect WordPress Websites?
Any website that uses HTTP vs HTTPS will be negatively impacted, regardless of the content management system being used. So, a WordPress website that is hosted as an HTTP will be penalized, just as a Drupal, Joomla!, or Magento website will be. A WordPress website that uses HTTPS, however, will not be penalized, assuming the SSL encryption is correctly installed.
Why Is Google Doing This?
Google’s aim is always to protect its users from malicious websites and to serve them the best search results. Google is trying to push website owners to secure their websites in order to cut down on spam bots, spyware, and other malicious software. It is penalizing those who don’t comply by pushing them down in search results so that fewer users will interact with them, thus limiting the possibility of attacks.
How Can I Tell If My Website Is Using HTTP vs HTTPS?
If the URLs in your website contain an “s” before the colon, like the following, then your website is secure:
Web browsers like Firefox and Chrome will also tell you if a website is secure. The green lock icon pictured above means that a website is secure. If no green lock icon appears before the website address, then the website you are looking at is not secure. If a red lock icon appears, then the website is deemed unsafe by that search engine.
Does SSL Really Make My Website Secure?
SSL is simply one measure for securing your website. It ensures that website content is encrypted and makes it less likely that information that a user inputs into a website will be intercepted by third parties, including hackers and other people trying to steal sensitive information. Does it guarantee this? No, absolutely not. There are still ways that third parties can steal sensitive information from a website using HTTPS. It simply is harder to do so.
How Do I Get an HTTPS Website Address for My WordPress Website?
Tune in next week for a follow-up post about how to secure your WordPress website with tips culled directly from our recent experience securing several client websites and our own website.