What is SSL and HTTPS + Why You Should Care 🔒
Question: Would you leave sensitive documents with tons of your personal information out on a table when you have guests over to your house?
If so, kudos to you for having a trusting, carefree spirit—you probably won't care about this topic if you don't mind posting pictures of your new credit card on Facebook.
If you have more sense than that, keep reading. The internet is a scary place with a lot of shady characters itching to get their hands on your data.
HTTP VS. HTTPS
HTTP is an acronym for hypertext transfer protocol. It’s the protocol that handles communication between systems. This is what transfers data from servers to your browser to view web pages.
Most people don't think about it, but this is what happens behind the scenes whenever you visit a web page.
HTTP is not encrypted, so it can be intercepted by anyone looking to gather data being transferred between systems.
The 'S' in HTTPS stands for 'secure' and can be obtained by using an SSL certificate. 'SSL certificate' stands for secure sockets layer certificate which authenticates the identity of a website and creates a secure, encrypted connection between the server and your browser.
Without HTTPS, any data that its transferred between servers is insecure. Until recently, the majority of SSL certificate users have been e-commerce sites and any website where there may be a transfer of sensitive information like credit card or financial information.
As internet security becomes a growing concern the need for HTTPS is steadily increasing and the uptake of SSL certificates has begun to increase, but the level of awareness about this technology is still vanishingly small.
Why HTTPS & SSL is so important
The short answer: you're making your website more secure and improving user trust.
The number of people who care about a secure connection will vary based on your target clientele, but you may be surprised at the number of people who notice and look for a secure connection, especially now that Google's chrome browser prominently displays whether or not a website is secure.
According to internet security authority GlobalSign, nearly 50% of online shoppers worry about their credit card information being stolen and 84% would abandon a purchase if data was not sent over secure connection.
At Google I/O in 2014, Google talked about their vision for “HTTPS everywhere” and suggested that HTTPS would be used as a ranking signal, which means that websites using a secure connection could see a boost in their SEO ranking.
If Google is talking about it, I think it's safe to say that you might want to pay attention. The importance of HTTPS, similar to the importance of mobile friendly websites is guaranteed to climb.
How to get secure
Website CMS platforms like Squarespace, Wix, and Pagecloud have adopted security practices and are making it super, ridiculously easy to turn on SSL certificates.
Some make it easier than others...
For instance, this feature is already on by default in Squarespace, plus there's an additional option to force browses to view the secure version of your site that you can tuen on with one click (sorry, I had to plug Squarespace somewhere—this is a blog about Squarespace stuff after all).
With Wix, you'll need to turn SSL on manually, but still an easy process.
Pagecloud asks you to follow a 12 step process to activate an SSL certificate via Cloudflare, still easy-ish if you're a little more tech savvy.
Finally, there may be plugins and a little bit more advanced knowledge of certificate types, coding, etc. required to install an SSL certificate on a Wordpress website, not to mention the updating of all internal website links, which has the potential to be a massive task, depending on the size of your website.
The point of all this is that there are varying levels of difficulty involved in making your website secure.
It is my opinion that regardless of steps you need to take, it's important and will become increasingly important to add this basic level of security to your website. This is yet another reason I build all my client websites with Squarespace. It has been my experience that they are ahead of the curve with respect to core back-end and SEO related features.
At the very least, security should be a concern for you regardless of the nature of your business if only to mitigate the risk of experiencing a breach, a hack, or personal information theft. However, it's important to realize that HTTPS will soon become the norm rather than the exception.
There's no time like the present, as they say. It's always better to be ahead of the curve rather than waiting until the last minute when you don't have a choice.
Google's ranking algorithm and SEO best practices are always a key driver for the decisions I make for my website, but this one is a no-brainer.
Be prudent. Be Responsible. Be Secure.