In 2014 Google announced “HTTPS as a ranking signal.” This announcement signifies that security across the web is now a high priority in Google’s eyes.
October 2016 Google stated that HTTPS will now be a requirement for websites and that they would begin penalizing sites not using the HTTPS protocol. Google plans to more prominently label sites not using HTTPS as nonsecure by October 2017. The message that a site is nonsecure will appear in the URL bar for all users on the Chrome browser.
So what does the switch from HTTP to HTTPS mean for you?
In this article, we will take a look at:
- The Difference Between HTTP and HTTPS
- User Experience After the Switch
- Why You Need to Care
- What the Switch Means for your Magento Store
- Overview of Implementing HTTPS
What is the Difference Between HTTP and HTTPS?
HTTP stands for Hypertext Transfer Protocol. HTTPS stands for Hypertext Transfer Protocol Secure.
Very simply, HTTPS is an HTTP protocol with an additional security layer.
An SSL certificate provides the additional security of the HTTPS protocol. The SSL certificate encrypts the data between a users computer and a website. If something (or someone) malicious intercepted this data they would not be able to understand it due to the encryption.
In addition to the layer of security provided by the SSL certificate, data sent via HTTPS is also secured by what is called the Transportation Layer Security (TLS) protocol.
The TLS provides three key aspects of protection:
- Encryption: this means that when browsing websites nobody can track your activities across multiple sites or pages and steal your information.
- Data Integrity: this means that data cannot be changed or corrupted during transfer without being detected.
- Authentication: this proves that your viewers are communicating with their intended website, it prevents “man in the middle” type attacks on users.
User Experience After October 2017
Currently, savvy web users can quickly identify which protocol a website is using by checking if HTTP or HTTPS appears before “www.” in the URL bar of their browsers.
Google plans to ramp up its warnings for nonsecure sites on its Chrome browser, which surveys show that 60% of viewers use as their preferred browser. Currently, when a user visits a nonsecure page Chrome displays a small “i” in a circle symbol in the address bar before the URL, which you can then click to learn more about the warning. For example:
On secure sites, it displays a padlock (which is typically green). For example:
Google plans to make the warnings on nonsecure more noticeable. They will be implementing a large red “Not Secure” warning in the address bar on the Chrome browser after October 2017. For Example:
Why Should I Care?
1. Security: If you are weighing the differences between HTTP and HTTPS – HTTPS obviously has a big leg up regarding security. Don’t you want your website to be as secure as possible?With increasingly frequent cyber crimes (that are now more publicized than ever) users are more aware of the need for safe and private online experiences. This is even more true for online shoppers who are entering confidential billing and shipping information on your site. Utilizing the HTTPS protocol will help to build trust with your customers as they can easily see that your site is secure and they are at lower risk for identity theft.
2. SEO: There is also the matter of SEO. Google itself announced that HTTPS is now a ranking factor and sites that do not make the switch will be penalized, whereas sites that do make the switch will gain ranking boosts over time. 61% the first page of the organic search results are secure sites. Keeping your organic search rankings high is crucial, as many eCommerce stores depend on search results to drive customers to their stores.
3. Mobile: Mobile is no longer optional in 2017. If you want your website to be found, your site needs to be responsive and mobile friendly. The announcement that Google would be going with a mobile-friendly first approach has brought light to the importance of AMPs (Accelerated Mobile Pages). AMPs were developed by Google to ensure that content can load faster on mobile devices. AMP content typically appears more prominently in the SERPs (search engine result pages) and is specifically designed to benefit users on mobile devices, since mobile users are now the majority of viewers. AMP plays a huge role in optimizing for mobile devices and requires HTTPS to work.
What Does This Mean for My eCommerce Store?
Security has always been of utmost importance for eCommerce websites. eCommerce sites are prone to hacking and malware by people who want to get their hands-on customer’s identity data. When customers shop online, they want to know their data is secure – nobody likes dealing with the fallout of identity theft.
Until recently for eCommerce websites, only cart and checkout process pages were required to be secure. However, now your whole site must be secure or risk the more prominent “nonsecure” warnings in your customer’s browser. These more significant warnings are likely to be very noticeable to customers. If a customer feels that your site is not secure, they may choose to shop with another retailer that is secure. The result of this is lost trust with your customers and a decline in sales.
Currently, the impact of HTTPS to your stores SEO rankings won’t make or break your rankings. However, things are heading in that direction as hinted by the Google Webmaster Blogs. Many eCommerce businesses rely on traffic from the organic search, so it is smart to be proactive with this switch before your organic ratings take a hit and you lose valuable customer traffic.
What this boils down to is, not making the switch to HTTPS will result in loss of sales on your Magento or other eCommerce stores.
An Overview of Implementing HTTPS
Making the switch over to HTTPS requires a couple of steps – here is an overview of the process:
- Crawl current website – this way you can understand the current state of your site and be aware of any assets you may be using that are insecure.
- Get an SSL certificate – there are many ways to obtain a certificate. You can either purchase one from a number of companies or utilize https://www.letsencrypt.org to get a free certificate. Typically certificates are only good for a certain length of time – (usually up to a year) before they need to be renewed.
- Install the certificate on your server – how this works will be different for each server set up, but usually, it will be documented by your hosting provider. Unsure how to complete your installation? Customer Paradigm can work with your hosting provider to get you set up!
- Update any nonsecure assets within the content of your website – this is why it is important to crawl your site, that way you can see if you are linking to any assets that are insecure and can easily update them.
- Add the HTTPS version of your website to any webmaster tools that you use – this will allow search engines to be updated to recognize your site.
These steps are just a brief overview of how to implement HTTPS on your website, the installation of your SSL certificate will be different for each web host, and you may have a variety of other SEO related tasks associated with this switch.
It is clear that the move to HTTPS is not only a smart one but now an essential one. With the clock ticking on the amount of time left before Google begins to start heavily penalizing nonsecure sites, all eCommerce merchants should start planning for this switch.
The switch from HTTP to HTTPS can be a complicated one to understand. If you need help implementing these changes on your eCommerce store we can help! Connect with Customer Paradigms team of experts today to get started on securing your site!