Since summer 2014, Google takes into account if your website is delivered over a secured connection. Open your website and look at the start of the address.
Does it start with https://? If so, congratulations, the connection to your web server is secure and Google rewards you by ranking your website slightly better. But what does HTTPS mean and how can you get it if you don’t have it already?
What is HTTPS?
HTTPS stands for Hypertext Transfer Protocol Secure and basically encrypts the connection from your browser to the webserver. This means that nobody can wiretap your connection and steal your credit card details for example. This is achieved by encrypting the data transfer between your browser and the server end-to-end. HTTPS hides all the data you exchange with the website from people that have access to the connection like your employer, ISP, government agencies that possibly monitor your connection, and other potential attackers. All they can see is the domain name (yourwebsite.com), but they can’t tell which pages you visit and what data you send through contact forms.
HTTPS also checks if the data you receive from the website is genuine. This means nobody other than the owner of the website can alter the content of the website during transmission without causing an error in the browser. It also makes sure that the website you are connecting to, really is the website you assume it is. This protects you from Man-In-The-Middle attacks.
How do I get HTTPS?
If your website is hosted with us, simply give us a call and we can set up an SSL Certificate for you. This will enable HTTPS on your website. If your website is hosted with another hosting company, you need to call them and request an SSL Certificate. Most big hosting companies will gladly help you with that. However, an SSL Certificate usually costs an annual fee which the Certificate Authority charges. Certificates are valid for one year and then have to be renewed.
If you have a private server, have a look at LetsEncrypt.org. Big companies like Google and Facebook all back the idea to encrypt all websites on the internet. But many owners of smaller web servers don’t want to pay money to encrypt a non-commercial website, so a new Certificate Authority was founded that issues free SSL Certificates. It is currently in a public beta.
What do I have to watch out for when I buy an SSL Certificate?
If you instruct us to set up HTTPS, we will take care of everything for you and your website should be encrypted the very next day. But if you ask other companies to set up HTTPS for you or you want to do it on your own server, make sure to keep the following best practices in mind:
- Request a 2048 bit key for the SSL Certificate
- Select a reliable and well known Certificate Authority
- Redirect visitors and search engines to the HTTPS version of your site (the regular HTTP version is usually still available). Use one of the following methods:
- Server-side 301 HTTP Redirects or
- Enable HSTS on the webserver
- Only use relative URLs in the source code of the website, so resources like images are loaded over HTTPS. Don’t load unsecure resources from other websites that don’t have HTTPS.
- Ensure that the HTTPS site is not blocked from being crawled through search engines
- Check the HTTPS on your website.
If you follow all this advice, your website will receive a small ranking boost from Google. Since this is only one of many parameters Google uses to calculate the page rank, don’t always expect a visible change but sometimes it can make a difference. Google also confirmed that HTTPS could be a larger influence in the future. Currently, Google makes another effort to persuade website owners to install HTTPS: Google Chrome will soon display a more dominant icon in the address bar when a page doesn’t support HTTPS.
Consider getting an SSL Certificate today. It protects sensitive information your clients enter in your contact form or when shopping online on your website. Call us today if you want to set up HTTPS on your website.