What is HTTPS and Why Should You Care?

If you haven’t switched to HTTPS yet, now is a good time to take action! 

The way browsers flag non-HTTPS sites is more than a simple visual change. It’s actually a real paradigm shift, meaning that it will soon be the usual and accepted way of doing business.

There is a big push right now for securing web pages using HTTPS, as evidenced by the way the major browsers are changing the way secure and non-secure sites are handled.

What is HTTPS?

HTTPS stand for Hyper Text Transfer Protocol Secure. It provides a secure, encrypted connection over the internet between your browser and the web server.

You may have noticed this when you visit a bank website, or Facebook. The first image on the left below is how Facebook appears in Chrome; the one on the right is how it appears in Firefox.

Secure site in Chrome Secure site in Firefox

Why is HTTPS important?

HTTP uses an open, unencrypted connection between you and the website you’re visiting that could be intercepted by anyone monitoring traffic between you and the site. What is the likelihood that someone is monitoring YOUR traffic, you ask?

Let’s say you went Christmas shopping and all your packages are in the car. You run into the grocery store to get just one thing, which turned into 5 or 10 things. You didn’t lock your car door because you were just going to be a minute, or because you were distracted and just forgot. What is the likelihood that someone was watching and when you went into the store, they stole your packages. Get my point?

There are three main reasons to move your WordPress website to HTTPS:

  1. Ecommerce – If you are selling products on your website, you want to protect credit card transactions.
  2. Security – SSL protects your site data and visitors. It encrypts data, like personal information and passwords, that is transferred over the internet.
  3. SEO – Your site will rank better in search engines if it is HTTPS

To put it simplistically, any data sent using an HTTP URL is sent through the internet as plain text. HTTPS, on the other hand, protects the confidentiality of users’ data through the use of encryption.

How Chrome and Firefox Will Display Secure Sites

CHROME

Chrome has a long-term plan to mark all HTTP sites as non-secure. They have been rolling it out in phases.

In version 56, Chrome currently HTTP sites appear like the image below: 

Not secure in Chrome 56

When you click on the icon, the following will display:

Cllick on icon

Eventually, the following will be displayed:

Not secure in Chrome

FIREFOX

Firefox has also been phasing in how they display secure vs non-secure websites. Starting in version 52, Firefox, when you log into your WordPress site, you saw a warning message when you click inside the login box.

Not secure in Firefox

What is a Security Certificate?

Sites that display HTTPS use an SSL certificate to prove the website’s identity to browsers. At one time, these were quite expensive, but they are much more affordable now. In fact, if you host with hosts such as Siteground  and Bluehost, they are free! They may even already be installed, though not activated.

How To Activate an SSL Certificate?

Now that you understand WHAT HTTPS is and WHY should be used, the next step is how to implement it.

If you’re not familiar with doing redirects and tweaking things within your database, you could do one of two things:

  1. Reach out to your web host to see if they can assist you with the process
  2. Hire me to take of it for you

When you purchase your HTTPS migration, I will be doing the following:

  1. Confirm that your site has a proper SSL Certificate installed – if you host with me, this is already installed, though not activated.
  2. Activate the SSL Certificate
  3. Add 301 redirects to the HTTPS version
  4. Update Google Search Console
  5. Make sure all pages on your site load secure HTTPS

NOTE: If you are already on my Peace of Mind Care Plan, you are eligible for a 33.33% discount.