HTTPS secures the connection to the website you are visiting. I’m sure you have seen this in action; look at the address bar in the browser and find the lock icon on the left-hand side. Is the lock closed? Then the connection is secure. Is it open, or is there another type of icon or message? Then it’s not secure and vulnerable to attack. Using a site over a non-secure connection means hackers/criminals could intercept the data you send to the site, like your password and email address. Here, I’ll explain what HTTPS is and why it plays a role in (technical) SEO.
HTTP vs HTTPS
When you type in a URL in the search bar, your browser asks the site for its IP address – for instance, 123.456.7.89. This number is the actual address that a site gets online. The browser connects to this number in the hopes this is the correct site. This is all done in plain sight, and there is no encryption to be seen so that everyone can intercept this traffic. So when you want to log in to a site that you connect to via an HTTP connection, the data you enter – username and password – is sent in plain text. Trust me that isn’t good. Think about what would happen if you’d connect to your bank this way.
HTTPS secures this process. It encrypts the connection between the browser and the site, making sure that no one can intercept the data sent between those two. Every site that wants to secure itself needs a so-called SSL certificate. The browser checks the certificate of the site and verifies its legitimacy with the company that issued it. If you want to see who issued the certificate, please click on the lock icon. Using HTTPS, sites secure your login procedure and personal data and what you do on a site, and which sites you visit.
Besides securing the web, HTTPS is necessary for sites that want to upgrade to a new, safer, and much faster internet protocol called HTTP/2. HTTP/2 includes different new technologies that make sites a lot faster to load.
How does it benefit your user?
Everyone has the right to privacy on the web. We are doing so many mission-critical things on the web these days to use any security we can get. An ever-increasing number of websites are making a move to HTTPS. In the screenshot below, you can see that at the moment, 61% of the sites that Firefox loads are being sent over HTTPS (stats by Let’s Encrypt). This is a must for any site, even if you own the bakery around the corner, and don’t send or request sensitive data via your website.
How does it benefit SEO?
In 2014, Google announced that HTTPS would become a ranking signal. Today, activating that SSL certificate is going to give your site a slight ranking boost. But it’s not just about rankings as much as it is about user experience and gaining trust with your future customers. Not only that, almost every innovation happening on the web — from performance optimization techniques to progressive web apps — is requiring HTTPS and that’s only going to increase over time. We are inevitably moving to an all-HTTPS web. It is, therefore, essential that your site makes the switch sooner rather than later.
In 2018, with the release of version 68 of the Chrome browser, Google started marking all HTTP sites as “not secure”. Several other browsers followed their lead. When your site doesn’t have an HTTPS connection or when you try to send data via HTTP on your HTTPS site, these’ not secure’ messages are very visible for users. Don’t forget; it’s easy to scare off visitors! Wouldn’t you switch over to the site of a competitor when you’d see something like the ‘not secure’ message in the screenshot below?
Make the switch to HTTPS
A few years ago, switching to HTTPS was a major undertaking. Some big sites waited years to do it because it came with several challenges, like speed issues and the cost/benefit issue. These days, it’s manageable. If you’re planning to make the switch, be sure to make a checklist, so you don’t forget anything during the process.
Joost shared some advice in an Ask Yoast video on moving to HTTPS:
Forcing HTTPS is something that you need to test really well. There are all sorts of things on your site that probably aren’t HTTPS ready that you should know of upfront. I know it was a lot of hard work to get yoast.com to HTTPS, and we don’t even have ads. Especially ad services can be really tough to get working on HTTPS.
The Let’s Encrypt project issues free certificates to anyone wanting to secure their site. Several web hosts even offer free Let’s Encrypt services that make the installation of a certificate as easy as pie. That is, however, only one piece of the puzzle. On Google’s Secure your site with HTTPS, you can find more information on best practices. We’ve written a guide on moving your site to HTTPS.
WordPress makes it easier to move HTTPS
A feature introduced in WordPress 5.7 makes moving to HTTPS a lot easier. Site Health now has a check that sees if your WordPress site runs on a hosting account ready for SSL. Most hosting providers can arrange an SSL certificate for you, so you have to get one and activate it for your site in your hoster’s account. After that, Site Health will tell you if your site is ready to switch from HTTP to HTTPS. If the blue button appears, you can update to HTTPS with one click. WordPress will update the URLs in your database and will prevent so-called mixed content from happening.
HTTPS is the default
There’s no reason for your site not to be served via a secure connection. The importance of HTTPS has only grown over the past couple of years, and, in return, the process to upgrade your site to HTTPS has simplified. A secure site is now available for everyone. Visitors have come to expect it as well, so there really is no reason to lag!