Why Your Website Needs HTTPS No Matter What Service Your Business Provides
What is HTTPS, and what does it do?
In general, HTTPS creates a more secure means of communicating information over an insecure network. It’s important when we’re putting our personal information—like a credit card number, social security number, date of birth, or confidential health information—into a website form. If that information is intercepted by people who don’t have the right to have it, we’re going to have a bad day.
However, it’s more necessary today that any website, no matter if it has a form or just text and images, be secure. Without proper and ongoing security, threat actors (aka the bad guys) can harm your visitors and business by doing things like changing the content on your site, adding links to malicious sites, or “eavesdropping” on a visitor’s activity on your site.
A brief history of how we got here
In 2010, the Electronic Frontier Foundation and The Tor Project released a browser extension that automatically made websites use HTTPS. Fast forward to 2014, and Google started a heavy push to get website owners and developers to make their site more secure by implementing HTTPS across the site. Coming in July 2018, Google Chrome v68 will come with a change to automatically mark all non-HTTPS websites as “Not Secure.” And because Google is…well…Google, they have the clout to make big changes standard across the Internet.
What if my website doesn’t have HTTPS implemented?
We highly recommend you get it done, and definitely before July. The increased security alone is worth it today, but the other big benefit is the peace of mind that your website’s visitors won’t feel distrustful of your site. Chrome is the most widely used browser in the world, and signs point to other browsers picking this up as well. You don’t want to miss out on potential prospects for your business from this issue.
One other small benefit is a boost in your site’s visibility for Google searches. We’ve found that sometimes there’s a noticeable boost, and other times, not so much. It’s dependent on a few things, like if your competitors for key searches already have HTTPS across their sites as well as correct implementation.
How do I do it?
Every website is different, but every good implementation or update starts with a solid plan. Key things to include in your implementation are:
- Using a staging or testing environment to test all changes before going live.
- Adding 301 redirects from the old HTTP to the new HTTPS URLs (tip: use a simple spreadsheet to map out your redirects).
- Along the same lines, making sure you aren’t creating redirect chains or loops.
- Ensuring that all internal links, images, and other assets are properly set as HTTPS (mixed content is a security vulnerability).
- Updating your sitemap to use HTTPS versions of the URLs.
- Changing any analytics platform accounts to use the new default HTTPS URL. Otherwise, your website traffic stats might be off.
Notifying any outside marketing agencies you utilize of your new URL; this is important so they can change any marketing campaign URLs appropriately.
These are just a few of the items needed as part of your implementation plan. If you’re using an outside web development company to manage your website, be sure to ask for a written plan from them. It’s more than fair.
For any assistance getting your site up to par with HTTPS implementation, contact us.