What is HTTPS?
If you experience website development, you will hear about HTTPS. It may puzzle a non-tech person. I am professional web developer, who work at website development agency. So, let’s me explaine HTTPS.
HTTPS (HyperText Transfer Protocol Secure) is an extension of the HTTP protocol that is used to encrypt and securely exchange data between the user and the site. All information is encrypted using TSL cryptographic protocols or its predecessor SSL. If you do not go deep into technical details, then HTTPS encrypts data and makes it impossible to intercept them.
How it works? As soon as you visit the site, your browser receives a certificate from the server, which contains all the information about the site, its owner, who issued it and much more. Most importantly, your browser receives the public key, by which it will begin to encrypt all data. The server has a private key with which you can decrypt all the information.
If someone wants to intercept or receive confidential data, you will able to see he will be able to see only a set of incomprehensible characters, which will take several years to decrypt. During this time, the certificate will become obsolete, and as a result, the attacker will not receive anything.
Why do you need HTTPS
- Show your visitors that the site is safe!
- Get additional impetus to the SEO issuance.
- Ensure the security of the transmission of personal data to the site. Such as full name, passwords, login, credit card number, etc. That is, all the data that the user leaves on the site
So, HTTPS is needed to protect the personal data of users and for the confidential exchange of information between them and the site. HTTP transfers all data in an open and unencrypted form, which cannot provide the necessary protection against “listening”.
Is this a myth or the truth: Websites with HTTPS are ranked better by Google
The use of safety certificates began in 1994 and did not cause such a stir until August 2014. Until Google announced a crusade in the name of the safe Internet. And from that moment on, the world of SEO has never been quiet.
There is unshakable logic in the widespread use of HTTPS – caring for users and their security. For this purpose, Google decided to push (or speed up – whatever you want, and call it) the Internet to switch to HTTPS. It was announced that sites with SSL and TSL certificates support will receive a bonus when ranking in the amount of 1% and promised to throw a couple more over time.
It was a great rarity when Google called a specific ranking factor and indicated the exact degree of its influence, and did not keep silent, as usual, as strongly generalized recommendations for webmasters. Naturally, such a signal could not be passed by any self-respecting SEO, and the gold rush actually began.
The graph clearly shows a slight increase in the share of HTTPS results in the issuance of the TOP-10 in August 2014, immediately after the announcement.
The company Stickyeyes immediately (at the end of 2014) decided to check the strength of the influence of HTTPS in the ranking.
From Google TOP 100, the number of HTTPS results for certain rubrics (Gambling, Tourism, Retail, Jurisprudence, Finance) increased from 5.25% to 6.93%.
Results for TOP-5 Google
The result is very interesting, although it did not give us anything. Clicking on the link to the study, you will see many more graphs that in some industries (for example, microcredits), the proportion of HTTPS has increased significantly, whereas in tourism there is no change.
What conclusions can we draw? First, no one will take responsibility to say that the increase in visibility in issuing merit only HTTPS, or that HTTPS has not affected in any way. Secondly, this is the natural course of events when sites began to massively switch to a secure connection, and thereby increased the number of HTTPS results in the output.
In the future, Moz began to monitor the issue of HTTPS in the TOP-10, this is what was learned:
- January 2016 – 25%
- July 2016 – 35%
- October 2016 – 40%
- February 2017 – 45%
- April 2017 – 50%
The forecast for the near future is easy to build. But now the question arises, how will sites actually be ranked when 100% of the resources are transferred to HTTPS? Then this 1% of Google loses any meaning.
In addition, on April 21, 2017 Gary Ilsh responded to an employee of Moz on his Twitter account that the initial idea of increasing the weight of HTTPS in the ranking was revised and abandoned.
What do we have today? At first, no one thought about switching to HTTPS just for the sake of security. Everyone tried to promote the site by position due to an additional ranking factor. But as it soon turned out, this factor is so insignificant that its influence cannot be determined, and now you should not even rely on it in the future. Therefore, some did not attach much importance to the influence of HTTPS, relying on the fact that their sites do not work with personal data, do not sell and do not buy – they have nothing to steal from their visitors. Plus, it was foolish to spend money and time on the transition for the ghostly impulse in the ranking.
We started talking about this especially after Google Chrome (56) began designating HTTP sites as unsafe in January of this year. Following this example, all the most popular browsers work today.
Chrome has announced a number of steps to gradually block mixed content. The corresponding message was published on October 3, 2019 in the Chromium Blog.
Mixed content: unprotected elements transmitted over the HTTP protocol through pages with an SSL certificate. For example, images, audio and video from third-party (insecure) domains.
If you see these errors, I recommend you to read How to Quickly Fix Mixed Content Warnings on WordPress sites
But if you a non-tech person, you can hire front-end developer who will help you fix errors on your website.
Now possible to draw final conclusions:
- If the user visits the site, sees that the connection is unsafe, it is likely that he will leave in search of a reliable resource. And these are already behavioural factors – a powerful signal in the ranking, plus customer confidence will be lost.
- Now it concerns not separate sites, for example, only online stores, but all resources on HTTP – browsers do not make any difference, you work with bank cards, collect email addresses or simply post photos of cats without any obligations.
- With such a massive transition of sites to HTTPS, the opportunity to remain in the minority became very real if you continue to use HTTP.
Leaving from this, you can say for sure why you need HTTPS:
- For the safety of your customers. The root cause of all troubles remains the first answer to the main question. Think first about people. No one is immune to malicious intent.
- To improve behavioural factors. Switching to HTTPS will negate the chances of losing customers due to an unsafe site, thereby not causing loss of positions, an increase in failures and a drop in traffic. Perhaps this is the most important thing that you need to remember first.
- SEO. Our song is good. As already mentioned, no one will subscribe to the fact that HTTPS does not affect SEO. But, if you decide to buy a certificate, then this should not be the main reason, but only an additional plus to the karma of the site in the eyes of the search engine. In addition, if under equal conditions (actually laboratory) to take two sites, and one translate to HTTPS, then there is every chance that this site will bypass its competitor.
What do you need to know about transfer from HTTP to HTTPS?
Loss of position and new mistakes
Not always, but in most cases, as soon as the site switches to HTTPS, there is a sinking of positions and a drop in traffic, and then a return. The transition is a complicated process so that hosting companies that sell certificates for $ 19 are not told. The main danger is to make a mistake some growth (I repeat, not always).
In the implementation, which will greatly complicate matters with SEO, which will negatively affect the positions. Company SEMrush pointed out 10 major mistakes that need to be corrected immediately:
- Lack of support for HSTS – the mechanism that activates the forced secure connection via the HTTPS protocol (86%).
- The presence of mixed content on the site (50%).
- Internal links to HTTP pages (50%).
- The presence of unprotected pages with fields for authorization (9%).
- Absence of redirects and rel = canonical attributes pointing to the URL in the HTTPS format (8%).
- The domain name for which the SSL certificate is registered does not match the name in the address bar (6%).
- URLs in HTTP format in Sitemap.xml for HTTPS site (5.5%).
- An old version of a security protocol (3.6%). Using the old version of SSL or TLS protocol (version 1.0) is fraught with security issues.
- Expired SSL certificate (2%).
- No support for SNI, an extension to the TLS protocol, which allows you to install several SSL certificates on one IP address (0.56%).
There are still problems with the display of content, you need to reconfigure Google Analytics and a lot of everything that you may have to do manually. Conclusion – entrust this business to professional.
Here are some tips from Google on switching to https.
- Decide what type of SSL certificate you want to use: for a single domain, multi-domain, or with sub-domain security.
- Use 2048-bit certificates.
- Use relative links within your protected domain.
- Always specify the type of protocol in all references to resources located in other domains.
- Provide the correct redirection of the pages of your site.
- Do not block access to the robots.txt file to search engines.
- Let search engines index your site as much as possible. Avoid the noindex commands in the robots.txt file.
Also I recommend you to read this article Website migration: mistakes and tips
Also, our SEO team can help you to attract more visitors from organic search.
Download speed
It takes a little time to encrypt all the information, which can affect the speed of loading the site. This is quite a weighty argument, but as it turned out, a properly configured protocol can, on the contrary, speed up the site. But not in all cases – a lot of webmasters complain about the slowdown of the site for a split second. And this increase depends on the browser, computer specifications and Internet speed of the user himself.