Skip to main content

Moving your website to HTTPS, is it worth it?

Still, while switching to HTTPS makes sense for most websites, it’s not always worth it.

Is it time to switch?

Let’s face it: HTTPS has always been a smart idea. After all, users obviously prefer safe, secure websites, and running one helps to build trust. When Google announced that it would consider HTTPS as a ranking signal, many website owners immediately made the change.

Although Google does indeed count HTTPS status as a ranking signal, it only gives it a small amount of weight in its algorithm. Any boost that most sites get will be fairly minimal. With the exception of major sites that draw huge amounts of traffic already, most sites won’t see a noticeable improvement in ranking from switching to HTTPS.

Is it even worth it?

Google thinks so

Google’s announcement is just one of the many ways in which the search engine giant has chosen to espouse the virtues of HTTPS. The company has reportedly started indexing secure web pages over unsecured ones, and they ran an HTTPS Everywhere campaign a while back.

In fact, Google even offers a guide “Securing Your Website with HTTPS” to promote the technology and to encourage and help site owners switch over.

What is HTTPS?

HTTPS stands for Hypertext Transfer Protocol Secure. It has one primary advantage: it makes sites more secure for the people who visit and use them. If you pay attention to domains in the address bar of your browser, you’ll notice that some start with http:// while others start with https://. The latter denotes a secure website.

3 main benefits of HTTPS

As mentioned before, the most obvious advantage of HTTPS is that it creates a secure online experience for website users. This translates into many benefits for site owners. In particular, sites that are considered to be safe are also considered to be trustworthy. When a business is perceived as being trustworthy, it tends to excel.

With HTTPS, data is secured through what is known as Transport Layer Security, or TLS, protocol. This protocol delivers three layers of protection:

  • Encryption – Via TLS, HTTPS encrypts data that is transmitted while a user is interacting with a site. As a result, it prevents hackers and others from tracking their activities and from otherwise “listening” to their transactions. To understand anything that’s being transmitted, the encryption key is needed.
  • Authentication – This layer of security wards off ‘middle man” attacks, wherein a user thinks that they are communicating with a specific site but are actually communicating with a decoy. With this layer, a user can easily confirm that they are visiting the site that they are intending to visit. Even if a user has no concerns about the security of your site, they will feel reassured when they see the notification that they are, indeed, visiting the correct website.
  • Data Integrity – As data is transferred through a website, whether through a user-submitted form, a payment or another transaction, it is vulnerable to attacks unless the site is secured with HTTPS. This layer helps to ensure that data cannot be modified or corrupted while it is being transferred. In addition to preventing annoying errors on your site, this helps to shield sensitive information from prying eyes and reduces the risk of it vanishing at random and going who knows where.

 

Does HTTPS make sense for your site?

If switching to HTTPS is unlikely to improve your ranking, should you even bother? Providing a secure online environment seems like reason enough, but that’s not always true.

For example, if you run a simple blog or other small website and never ask users to provide personal information or to submit payments, you can probably get away with not using HTTPS. If you do collect potentially sensitive information or payments, the applicable pages should be HTTPS at the very least. If you’re going to do that, though, you might as well switch the whole site over.

Will HTTPS make your site secure?

While HTTPS makes websites safer for visitors to use, it doesn’t actually protect your website. Even after switching to HTTPS, your site will remain vulnerable to hacking of the site, server or network; software vulnerabilities; downgrade attacks; DDOS attacks and other issues. Other steps must be taken to mitigate those other risks.

Making the switch: a step-by-step guide

You’ve given the matter a lot of thought and have decided that switching to HTTPS is right for your website. Maybe you’re holding off because you’re not particularly tech savvy. Here’s some good news: You don’t really have to be to switch a site to HTTPS.

While every hosting provider and situation is different, the basic process for switching to HTTPS is fairly universal. I’ve broken it down into simple, actionable steps for your convenience.

Step one: Use a test server, if possible

This step doesn’t need a lot of elaboration. If you have the technical know-how and a little extra time, consider switching to a test server before engaging in this process. In the unlikely event that something goes awry, no one visiting your site will be any the wiser.

Step two: choose an SSL certificate

One of the most important aspects of converting a site to HTTPS is choosing an SSL certificate. SSL, or secure socket layer, is the protocol that is used by HTTPS. There’s no getting around it: You have to install an SSL certificate to use HTTPS.

Fortunately, you don’t necessarily have to spend a lot to get one. However, you must decide between three different options:

Domain Validation Certificate – This type of certificate is the cheapest and fastest to get. Not surprisingly, it is also the most basic and only really provides encryption. Many hosting providers offer this type of certificate for free.

Organization Validation Certificate – Available in 128-, 256- and 2048-bit FYI, Google prefers 2048 bit an organization validation certificate can typically be obtained in about 24 hours. It provides verification by a regulated government entity and includes authentication. If you collect personal information, this is the one to get.

Extended Validation Certificate – Available only in 2048-bit encryption, this type of certificate is most commonly used by major e-commerce sites. It provides the best security, including the green status bar at the top of the browser that denotes that the user is visiting a secure site. This type of certificate can usually be obtained in three to five days.

Where can you get an SSL certificate?

As mentioned before, it’s often possible to obtain a free Domain Validation certificate from your hosting provider. Hosting providers usually offer other types of certificates as well. It is generally best to get your certificate from your hosting provider, as they will usually install it for you and can provide support going forward.

How are SSL certificates installed?

Again, it is generally best to simply allow your hosting provider to install your SSL certificate for you. Not all hosting providers will do so, though. If yours won’t, search Google for [hosting provider name] + a SSL certificate installation. You should be able to find instructions that way. If you strike out, contact the provider for assistance.

Step three: Make a URL map

Next, you need to create a URL map for your website and redirect your old HTTP URLs to your new HTTPS URLs. The map itself can just be a basic spreadsheet. Make one column for your current HTTP URLs and another for their corresponding replacement HTTPS URLs.

This has to be done because http://www.example.com and https://www.example.com are two distinct URLs. All pages on your site must be copied and redirected from their old HTTP URLs to their new HTTPS homes.

Pro tip: While you’re doing this maintenance, it’s a great time to make any desired changes to your site structure or URL format.

Another tip: If you use WordPress, you can simply add all of the permanent, or 301, redirects to your .htaccess file. Everything will be handled in one fell swoop!

Step four: Update internal links

After completing the previous step, you will be left with a site that’s riddled with internal links that point to old HTTP URLs. Needless to say, you must address this issue to keep your site functioning properly.

With any luck, your site is already set up with relative URLs. This means that rather than providing an entire URL for each page, you just instruct the browser to add something to the end of the domain portion of the URL. A link in this case would be written as:

Meanwhile, an absolute link would be written as follows:

If your site doesn’t use relative URLs, you’ll have to find and replace all of them yourself.

Update image files and other resources

Hyperlinks aren’t the only elements on your website that need to be updated when switching to HTTPS. Your site also links to images, scripts and other files, and their URLs must be switched to HTTPS URLs to keep things running smoothly.

Quickly see what you’re up against by right-clicking any page on your site and selecting “View Page Source.” From there, look for tags for various elements to see how many you will need to fix.

You may be able to handle this quickly if you have both HTTP and HTTPS URLs because you can use protocol relative URLs. For example, in:

This site uses Akismet to reduce spam. Learn how your comment data is processed.