Why Every Website Needs HTTPS

Matthew Mirzai
By Matthew MirzaiDeveloper
6 minutes to read

The difference between http (Hyper Text Transfer Protocol) and https (Hyper Text Transfer Protocol Secure) may not be apparent to everyone.

But, according to the National Fraud Intelligence Bureau, nearly £11 billion was lost due to online fraud in 2015.

Visitors to your website can now instantly check whether your site is secure or not, and lack of security will be an issue for many potential customers. However, HTTPS makes it easy for you to protect your users and their data in a proactive and visible way.

It increases security

Whenever you are entering sensitive details online, such as bank card numbers or login passwords, you want to ensure the line is secure from man-in-the-middle or eavesdropping attacks. HTTPS helps to increase your security and protect users.

The ‘s’ stands for ‘secure’ and means all communications between your browser and the website are encrypted. This is done by attaching an SSL (Secure Sockets Layer) certificate to your web server which connects to HTTPS and adds a green padlock to your site.

It instils confidence in your users

An SSL certificate is a digital file that attaches itself to your site's web server and authenticates the identity of the website it is bound to. It also encrypts data to and from the website, enabling secure transmissions between users and the website. There’s no catch either – once it’s on, your site is secure for the duration of the certificate.

Some certificates can be used for subdomains of your main site and others for multiple domains. The newest and most secure type is the EV (Extended Validation) SSL certificate. The EV validates domain ownership and the organisation's information and physical existence. This adds an extra layer of security and instils a lot more confidence in the user, assuring them that they can safely browse your site. You can have a look at the full list of the different types of certificate here.

You can regularly test it

You’ll also want to check the rating of your certificate as they are not all created equally. SSL Labs has a great blog that goes into detail of these differences as well a quality tester so you can check your current certificate. Once you’ve got your certificate, installing it on your web server is easy and you can be secure and running within an hour.

You can buy certificates from Certificate Authorities however each browser has a list of CAs it trusts. Costs for certificates will also vary depending on who you go with so if in doubt, talk to your server provider.

Increase your ranking and speed

It’s not just the security increase that your website can benefit from. Google now uses HTTPS as part of its search algorithms so if you use HTTPS your site will appear higher in Google’s rankings. Google has also introduced HTTPS changes into its Chrome browser. The browser will now actively notifies users whenever a standard HTTP connection is used with a ‘Not Secure’ warning in place of the green padlock before the URL.

Back end developers will also be happy to know that as part of the upgrade from HTTP to HTTP2, HTTPS connections will have a significant speed advantage compared to the non-secure HTTP. Though not widespread, HTTP2 will be fully rolled out within the next couple of years so being prepared will give you a seamless transition plus a decent speed advantage.

You can check out the speed comparisons here.

Is it worth it?

There’s no reason to not use HTTPS for your site. You can even try it for free – Let’s Encrypt is a non-profit organisation which gives you a free 90 day SSL certificate to see the difference for yourself. You can even auto renew if you’re happy with the certificates performance!

Upgrading your site to HTTPS enables it for the future of the web – data privacy is, and continues to be, a major issue.

Do you think SSL certificates are essential? Let us know in comments below.

comments powered by Disqus

Articles by Matthew Mirzai

Two time Enjoy Digital Mario Kart 8 Champion, I'm also a back end developer specialising in Umbraco.