To many people, the difference between these two HTTP and HTTPS could only be the extra letter ‘S’; but what difference could that really make? Well, a huge difference. Google’s ranking criteria checks if a site uses one of them; something that has led to so much talk on switching. So is it worth the switch?
A few years ago, there were many complaints from Facebook users about their Facebook accounts being hacked. Facebook came around with apologies, claiming that they had been serving their login pages with HTTP; which is not secure, especially when a user is providing information to the site? Attackers used this loophole to get other users’ passwords. They said that they were changing to HTTPS, which was secure. Most people recovered their accounts, though it did not make so much sense to them back then.
What is HTTP and what is HTTPS?
Here is a Story of HTTP
A developer got a client’s requirements for an e-commerce application, something that he was very good at. He presented his proposal a week later; and among the things he was asked about was if he was conversant with web security issues. Being the developer he thought he was, he said that he was conversant.
He was very excited to get the job. When building such a site; he gathers the client’s requirements and comes up with a mock-up that he shares with the client. They discuss this and agree on what to change before the actual design work starts. He then registers the domain name that the client wants and starts with the actual design.
This is the main process that takes quite a while. When done, he sets up the payment methods, adds products and tests the whole application; paying an extra attention to the checkout. He was done with this project and presented it to the client. The client was so happy for getting the application within a few days.
However, a week later the client called back claiming that the app was not secure; and he was concerned about the users’ security. The app also started showing a lot of ads they had not set up. This was a failure on the developer’s part; so he started going through the code and the server at large looking for solutions. It is at this point that he remembered that maybe it was attacked; since it was using the vulnerable HTTP instead of HTTPS and changed.
What are the merits of switching from HTTP?
HTTPS sites provide improved security for site users. This might not seem important to some people; but truth is that the security advantage brings in more benefits to the owners of the sites. For instance, you would trust a site that is safe, and provide it with your personal information. This will make the site achieve its purpose, leading to the success of that business.
What makes HTTPS secure?
Transport Layer Protocol has three protection layers
HTTPS encrypts data entered a site by a user using the TLS protocol.
This is useful as a third party is prevented from getting the user’s information; or even the transaction details.
An encryption key is needed to be able to understand the data that is transmitted.
Think of doing an online bank transfer with a site that does not use HTTPS. Do you think your data would be secure? Definitely no.
Imagine a situation where you visit a site for a transaction, and you are doing everything right. But then you are communicating with another person, not the intended one. This layer protects users from such “middlemen”.
While data is been transmitted through sites; it can be attacked and modified, or even vanishing and going to other destinations. This layer of security wards off such attacks. HTTPS uses this layer to ensure that data is not corrupted or changed during the transmission.
Which one is important for you? When to Switch?
You might ask yourself; if HTTPS would rank your site higher and probably your answer is not likely.
The security of this app and its users was the big reason for the developer to start the switch. But it might not be reason enough for every other person.
For example, some small sites and blogs developed years ago. They do not ask visitors for any information have had no issues with security; even though they still use HTTP.
One of the most important things to note is that HTTPS made the e-commerce app secure; for both the visitors and the app owner. But did not protect the app from all attacks. This means that the developer had to take other security steps to protect the app from other risks; such as hacking, downgrade attacks, server and network errors among others.
How to make the Switch HTTP to HTTPS?
After the developer’s research and deciding to switch from HTTP to HTTPS; the next step was to learn how to switch. It is very easy for anyone to make the switch from HTTP to HTTPS. You do not really need to be very much of a tech-savvy person. The switching process is fairly similar over all the hosting providers and easy.
Here is a guideline for the basic steps that you can follow to switch; before starting, set up a test server. This is important in that in case an error occurred. Your app will not go down and the services will remain uninterrupted.
Step 1: SSL Certificate
HTTPS uses a Secure Socket Layer protocol or SSL. After setting up the test server, you will need to get an SSL certificate and install it.
This is quite easy to do with the major decision point been on the three options; that are available to choose from:
Domain Validation Certificate.
This is the most basic certificate and provides encryption only. It is also easy and quick to get.
Organization Validation Certificate.
If you collect data from website visitors, this is the best certificate for you.
Organization Validation Certificate uses an entity regulated by a government to provide verification and authentication.
Extended Validation Certificate.
This is the most common certificate, especially with busy sites like e-commerce sites. It is the most secure and goes far to show the visitor, the site they are visiting is secure.
They can get it within a maximum of five days. To get either of the above certificates, it would be good to first talk with your hosting provider.
Some hosting providers even offer free certificates, especially the domain validation certificate. They can also install it for you.
Step 2: URL Mapping
After getting the SSL certificate; you will need to get a URL map, then redirected the old URLs to the new ones. This is basically a very simple step, which is achieved by creating a spreadsheet with two columns; one with the old URLs and the other one with the new replacements.
For example, http://www.urltext.com and https://www.urltext.com are two very different URLs.
You will also need to change the internal links still pointed to the old URLs. This helps to avoid errors in the app.
Note: While still on this step, you will need to remember that the app has different links; not only hyperlinks. It also has links to scripts, images, and many other files. Also, you will need to change these URLs.
An easy way would be to right-click on a page of your site on a browser; then checking the page source.
Here, you can look at tags on different elements and decide on how to change them.
Some people use CDN(Content Delivery Network). In that case, you would be required to check if HTTPS is supported since most of them do. If not, you can contact your hosting provider for guidance on implementing HTTPS.
Step 3: Adding the site to Webmaster Tools
After successfully completing the above steps; proceed to webmaster tools from Google and add the site to the tools again. This will require you to provide it with a new sitemap. Submitted the old sitemap as well since Google uses old sitemaps to get the 301 redirecting prompts; and updates them.
Step 4: Testing
The last step is testing.
This is a very important step. You must always take after completion of any single change of any app.
The first thing you will need to check is the links on the app. Make sure that they are all working well and then check the traffic after the switch.
If you see a big drop, then there is a problem that needs to be addressed. A tiny change or no change at all in the next few days is normal.
Sometimes issues may arise after the switch from HTTP. The major reason for this is when Google cannot crawl the old site, HTTP version site. The most common reason for this is not allowing the test server; to use bolts or duplication of the content. Make sure that all these issues are all set well accordingly.
This proves that there is no reason at all for you not to make the switch HTTP and HTTPS. You should be very keen running your apps on HTTPS. The merits are more, and no demerit at all.
You might not get to see a big rise in ranking or traffic; but then if you are running a business.
You know that your customers will most likely do business with you if they feel secure doing so.
Google might soon consider this as a big factor in ranking; which will be very important for you if you make the change?