In February 2018, Google announced that they will be marking all HTTP sites as not secure. This includes the Google Chrome 68 which is expected to release in July 2018.
The website not on HTTPS will show a warning to the user which will look like this in the browser:
If your website is not on HTTPS, you should make the move now as you will be losing your traffic significantly.
This is done to make sure the websites people access are secure. You might be wondering:
What is HTTPS? And why should I move to HTTPS?
In this guide, I’m going to answer all these questions to help you understand the importance of HTTPS and how it will help you improve your website security.
I’ll also show you how to move your website to HTTPS.
So, let’s begin.
What Is HTTPS?
Before I explain HTTPS, it is important to understand the meaning of HTTP.
HTTP stands for Hypertext Transfer Protocol and is a communication protocol that clients and servers implement to be able to communicate.
This was started in 1989 by Sir Tim Berners-Lee and has been widely used as the default communication protocol.
But there was a problem with HTTP:
The information is transferred between the browser and the client in clear text, allowing the network, through which the information passes, to see the information transmitted. This is a huge security concern.
And this is why HTTPS (Hypertext Transfer Protocol Secure) was introduced. HTTPS first establishes an encrypted communication channel, and then transmit information from the browser to the client.
In a nutshell, HTTPS is a secure version of HTTP where the information transmitted is encrypted.
Let’s now discuss the benefits of HTTPS over HTTP.
Benefits of HTTPS over HTTP
HTTPS has many benefits over HTTP because it’s more secure. Here are some of the benefits of using HTTPS.
#1. Increased Website Rankings
Google has confirmed that websites using HTTPS will have a slight boost in rankings. And since Google is pushing websites to move over to HTTPS, it is obvious that there will be benefits of using HTTPS over HTTP.
All big sites in the industry have been moved to HTTPS.
So it's mendatory to move your site to HTTPS if you want to retain your rankins.
#2. Better Referrer Data
Referrer data is blocked in Google Analytics if you’re on HTTP. So, if you get huge traffic from a website, and you’re on HTTP, the traffic would appear as direct.
But this is not the case with HTTPS. The referral traffic is preserved and passed on in Google Analytics thus helping you have better information about your traffic.
#3. AMP Requires HTTPS
You already know the importance of Accelerated Mobile Pages (AMP) and how they can help you improve your rankings.
And if you’re serious about implementing AMP, you must move to HTTPS.
Because HTTPS is a requirement for AMP. Modern browsers and progressive web apps require HTTPS to perform properly.
So, if you’re planning to implement AMP, you will have to move to HTTPS.
#4. More Secure
HTTPS is obviously more secure than HTTP because it’s encrypted. This security helps in the following ways:
- It makes your website secure for your visitors.
- It protects your data from being sniffed.
- It prevents tampering of data.
- It prevents content spoofing and phishing.
- It encrypts communication in every form including the URL, passwords, browsing history etc.
An important part about HTTPS is SSL. This is what enables encryption and helps secure the website.
Let’s discuss about SSL.
What Are SSL And TLS?
The encrypted channel in HTTPS is created using Transport Layer Socket (TLS) protocol, also known as, Secure Socket Layer (SSL).
SSL and TLS are often interchanged as SSL 3.0 is referred to as TLS 1.0. SSL utilizes a public and private key to establish an encrypted connection.
There are different types of SSL certificates based on the level of security.
Types Of SSL Certificates
- Domain Validation (DV) Certificate
This is the most common type of certificate. A domain-validated certificate is checked against domain registry.
A DV certificate is the cheapest among all SSL certificate types but is often regarded as risky because an individual cannot validate if the business on the site is legitimate.
These types of certificates are recommended where security isn’t a very big concern. You can use a Domain Validated certificate on blogs and personal websites.
- Organization Validation (OV) Certificate
An Organization Validated certificate is trusted and contains legal business information such as the organization name, city, state, and country.
These certificates require real agents to validate the certificate.
- Extended Validation (EV) Certificate
An Extended Validation certificate verifies the organization behind the website. The certificate is obtained after checking the legal entity that controls the domain. These are similar to OV certificates.
The process of obtaining an EV certificate involves by checking the:
- Control of domain
- Government business records
- Independent business directories
- Phone call verification
Now, if you’re totally new to the concept of HTTPS and SSL, you may be thinking:
How do I know if a website has an SSL certificate?
Well, here’s the answer:
How Do I Know If A Website Has SSL Certificate?
To identify if a website has SSL, you’ll simply have to look at the website’s URL.
The URL of a website with SSL starts with “https://” and not “http://”.
You can also look at the padlock icon at the URL bar of your browser.
This little icon is displayed if the website has SSL:
To check more about the certificate, you can click on the icon and ensure the validity of the certificate.
Why Is Google So Cautious About HTTPS?
It’s no secret that Google considers HTTPS as a ranking signal. The burning question is:
Google is the biggest search engine and all the information people access is with the help of Google.
The search giant wants to ensure that the website people access using their search engine are secure.
HTTPS is an important step to protect users from content spoofing. Content spoofing is when a hacker creates a fake website and make it appear as a legitimate organization.
This is often done to misrepresent a person or an organization. But that’s not it.
Content spoofing has many forms such as eavesdropping, man-in-the-middle attacks, and spreading false information.
Protecting the users from this can only be done by enforcing HTTPS to website owners.
And Google is very serious about it as they banned SSL certificate authorities WoSign and StartCom for not maintaining high standards.
So, if you don’t want your visitors to see a warning like this on your website, you should move get SSL.
How To Get An SSL Certificate For Your WordPress Site
Now, you know everything about HTTPS and SSL. You know it’s very important to move to HTTPS.
The next step is:
How to get an SSL certificate.
Let’s dive into that.
Obtain An SSL Certificate From Your Hosting Provider
You can easily get an SSL certificate from your hosting provider. All hosting providers offer an SSL certificate when you purchase a new web hosting.
But not all of these providers offer free SSL certificate.
Luckily, there is a renowned hosting provider, A2 Hosting, that offers free SSL certificate.
Here’s a look at the different types of SSL certificates offered by A2 Hosting:
A2 Hosting offers free SSL certificate by Let’s Encrypt and is automatically applied to your account.
To install an SSL certificate on your website, you just need to contact A2 Hosting support team, and they’ll install SSL on the domain of your choice for free.
Enable HTTPS On WordPress
Once you have obtained and installed an SSL certificate, you’ll simply have to go to your WordPress dashboard and change the URL of your website.
In your WordPress dashboard, go to Settings > General.
In General settings, you will have to change the WordPress Address (URL) field. Replace the current URL with https://mydomain.com where mydomain.com represents your domain name.
Follow the same step for the Site Address (URL) field and replace the current URL with https://mydomain.com.
Click save and you’re done.
Now, your website will always use SSL and will load the HTTPS URL instead of HTTP. You can check this by opening your website and if you see a green padlock icon, it means your website has SSL installed.
Note: You can also implement this step using a plugin. We will discuss about this plugin below.
Why Use A2 Hosting Over Any Hosting
The reason why I mentioned A2 Hosting above was because they offer free SSL certificate. And installing SSL to your website as an A2 Hosting user is very easy.
But that’s not it.
I always recommend A2 hosting because they provide the best hosting services out there at an affordable price.
Here are some reasons why you should choose A2 Hosting over any other hosting.
- 20x Faster Than Any Other Hosting
The biggest reason why A2 Hosting is such a great hosting provider is that they are 20x faster than any other hosting provider. And this fact is true.
It is the fastest shared hosting provider in the market.
The pricing plans of A2 Hosting are quite affordable when compared to other hosting services. Their shared hosting plan starts at $3.92 per month which is very cheap compared to other services.
Their subsequent pricing plans are also very affordable. Not to mention the high performance you get at this pricing.
- SSD Storage
A2 Hosting servers use SSD storage which makes their servers very fast and offer high performance.
- Unlimited Storage
You also get unlimited storage so that you never run out of space.
- Free Account Migration
What if you’re on some other hosting provider?
Well, you can make the move now for free with the free account migration offered by A2 Hosting.
So, if you’re on a hosting that doesn’t provide free SSL, you can move to A2 Hosting for free and get a free SSL certificate.
WordPress Plugins To Install After SSL Certificate Installation
There are different WordPress plugins you should install after installing SSL certificate. But what most people get wrong is that you don’t have to install a ton of plugins for SSL.
One plugin is enough to ensure your entire WordPress site is on SSL.
And, that plugin is Really Simple SSL.
With Really Simple SSL plugin, you can move your entire website and its resources to SSL with a single click.
A common question people have is:
Why do I need to install a plugin if I already installed SSL?
Even after installing SSL, there are some changes and configurations needed to be done to move your site completely to SSL.
Doing these changes manually can cause errors. Thus, it’s better to use a plugin that can do all your job in a one-click and saves you time.
Here’s what Really Simple SSL plugin does:
- Redirects incoming requests to HTTPS
All the incoming requests are redirected to HTTPS with this plugin. This means that whenever any page on your website is accessed, this plugin will make sure that the HTTPS version of the URL is loaded.
- Changes Website URL to HTTPs
Remember we changed our website’s address to HTTPS?
Well, this plugin can do that for you automatically.
- Checks for errors
When you force SSL on your website, often times, errors occur.
Really Simple SSL plugin checks for these errors with its scanning feature.
The plugin is available for free on the WordPress repository. But they also offer a pro version of the plugin. Here are the features available in the pro version of Really Simple SSL:
- Option to enable HTTP Strict Transport Security
- Option to configure your site for the HSTS preload list
- Mixed content filter for back-end
- Certificate expiration check
So that’s all about HTTPS and SSL. Now, you know what is HTTPS, types of SSL certificates, and how to install SSL in WordPress.
If you haven’t moved to HTTPS yet, I recommend you to do it quickly so that you don’t lose your traffic and rankings.
Installing SSL is simple and it’s free with A2 Hosting. If your hosting provider doesn’t offer free SSL, you should definitely move to A2 Hosting.
If you have any questions about HTTPS and SSL, feel free to ask them in the comments section below.