HTTP versus HTTPS: How much of a difference can one additional letter make? As it happens, quite a lot. Ever since Google confirmed that it considers whether a site uses HTTP or HTTPS as a ranking factor, there’s been a lot of debate about the merits of making the switch. I don’t know about you, but I’m the type of person who likes to play it safe; if Google recommends something, I’m all for it.
Still, while switching to HTTPS makes sense for most websites, it’s not always worth it.
IS IT TIME TO SWITCH?
Let’s face it: HTTPS has always been a smart idea. After all, users obviously prefer safe, secure websites, and running one helps to build trust. When Google announced that it would consider HTTPS as a ranking signal, many website owners immediately made the change.
Although Google does indeed count HTTPS status as a ranking signal, it only gives it a small amount of weight in its algorithm. Any boost that most sites get will be fairly minimal. With the exception of major sites that draw huge amounts of traffic already, most sites won’t see a noticeable improvement in ranking from switching to HTTPS.
Is it even worth it?
GOOGLE THINKS SO
Google’s announcement is just one of the many ways in which the search engine giant has chosen to espouse the virtues of HTTPS. The company has reportedly started indexing secure web pages over unsecured ones, and they ran an HTTPS Everywhere campaign a while back.
In fact, Google even offers a guide–“Securing Your Website with HTTPS”–to promote the technology and to encourage and help site owners switch over.
WHAT IS HTTPS?
HTTPS stands for Hypertext Transfer Protocol Secure. It has one primary advantage: it makes sites more secure for the people who visit and use them. If you pay attention to domains in the address bar of your browser, you’ll notice that some start with http:// while others start with https://. The latter denotes a secure website.
3 MAIN BENEFITS OF HTTPS
As mentioned before, the most obvious advantage of HTTPS is that it creates a secure online experience for website users. This translates into many benefits for site owners. In particular, sites that are considered to be safe are also considered to be trustworthy. When a business is perceived as being trustworthy, it tends to excel.
With HTTPS, data is secured through what is known as Transport Layer Security, or TLS, protocol. This protocol delivers three layers of protection:
- Encryption – Via TLS, HTTPS encrypts data that is transmitted while a user is interacting with a site. As a result, it prevents hackers and others from tracking their activities and from otherwise “listening” to their transactions. To understand anything that’s being transmitted, the encryption key is needed.
- Authentication – This layer of security wards off “middle man” attacks, wherein a user thinks that they are communicating with a specific site but are actually communicating with a decoy. With this layer, a user can easily confirm that they are visiting the site that they are intending to visit. Even if a user has no concerns about the security of your site, they will feel reassured when they see the notification that they are, indeed, visiting the correct website.
- Data Integrity – As data is transferred through a website, whether through a user-submitted form, a payment or another transaction, it is vulnerable to attacks unless the site is secured with HTTPS. This layer helps to ensure that data cannot be modified or corrupted while it is being transferred. In addition to preventing annoying errors on your site, this helps to shield sensitive information from prying eyes and reduces the risk of it vanishing at random and going who knows where.
DOES HTTPS MAKE SENSE FOR YOUR SITE?
If switching to HTTPS is unlikely to improve your ranking, should you even bother? Providing a secure online environment seems like reason enough, but that’s not always true.
For example, if you run a simple blog or other small website and never ask users to provide personal information or to submit payments, you can probably get away with not using HTTPS. If you do collect potentially sensitive information or payments, the applicable pages should be HTTPS at the very least. If you’re going to do that, though, you might as well switch the whole site over.
WILL HTTPS MAKE YOUR SITE SECURE?
While HTTPS makes websites safer for visitors to use, it doesn’t actually protect your website. Even after switching to HTTPS, your site will remain vulnerable to hacking of the site, server or network; software vulnerabilities; downgrade attacks; DDOS attacks and other issues. Other steps must be taken to mitigate those other risks.