Does Your Website Really Need HTTPS?

by Will Moody

Does Your Website Really Need HTTPS?

I now believe it’s a good idea for all businesses to secure their websites with 'https', this has changed over the recent past, with Google now placing more emphasis on 'https' as part of the overall ranking algorithm.

There are other reasons for going to 'https', these include :- 

As from October 2017, Google Chrome has started to warn people that your site is not considered secure without a valid 'https' certificate, with the imminent launch of Googles Chrome 68 browser this will become more apparent as the below warning will be displayed.

Chrome http not secure

Visitors to your website will have more trust and confidence in a 'https' site, you will probably see a lower abandonment rate.

Google now states that a 'https' site will win over a 'http' in a tie-breaker situation as far as rankings go.

What exactly is 'https' is and why I’m now recommending 'https' and how you go about implementing 'https' on your website.

HTTPS stands for ‘HyperText Transfer Protocol Secure’ (or 'https' or 'https over SSL) and it is the internet standard for secure communication between your browser and any web server.

In most cases now you should not have to pay for a SSL certificate as most hosting companies now offer the 'Lets Encrypt' service,

I use and recommend Siteground as a hosting company and they offer a simple one click process to add a free 'Lets Encrypt' SSL certificate to your website hosted with them. There will be cases where it would be advantageous to purchase a full blown SSL certificate, such as if your website is a high volume shop.

Changes to make on your website once you have 'https'.

Once you have a https status for your website it will be necessary to make a few changes to your website, these are, but not exclusively:-

  • Register both domains HTTP & HTTPS in Google Search Console
  • Update the canonical tags to include absolute URLs using https.
  • Generate a new XML Sitemap with the URLs with https to be uploaded in the HTTP's Google Search Console Profile once the site is ready.
  • Prepare the robots.txt to be uploaded on the https domain version when the site is launched replicating the existing directives for HTTP, but by pointing to the https URLs if necessary.
  • Lastly check all pages display the padlock symbol

In conclusion, yes all websites should be https, this will promote a higher Google ranking and promote trust with users of your website. You may witness some ranking volatility initially after your switch, but once Google has re-indexed your website you can expect to rank at least as high or higher.