Many people know that when you go to a website, the URL will usually begin with either an “http://” or “https://” before the actual domain name. Understanding what those letters mean has been fairly unnecessary for most of the existence of the modern web. However, now that Google has become much more interested in encryption and security on the web, knowing the subtle differences between these two little acronyms has some relevant meaning. If you have ever wondered what those 4 or 5 little letters mean at the beginning of a url or website address, then please read on.
What is HTTP?
HTTP stands for HyperText Transfer Protocol. It’s a nice way of telling your browser how to handle the URL/site you are requesting. Your browser can handle quite a few different protocols, including, but not limited to; “HTTP”, “HTTPS”, “FTP”, and more.
What’s so special about a letter?
What is amazing, is the power that one letter has over how the world will view your website. The difference between “http://” and “https://” is that the “s” stands for secure. By secure we mean that any information that is passed between the browser and that website is encrypted, ensuring others cannot intercept that data as it’s being transmitted. This is great because if you are collecting any information from a user on your website, providing a layer of security makes them feel more secure about sending that information out through a form and out over the web. Without the “s”, your users are sending their information out into the world without any sort of protection or encryption. This all begs the question, “Who’s looking at your user’s info”?
Adding to Your Vocabulary
Getting the “s” requires purchasing what is called an “SSL” certificate, which stands for Secure Socket Layer. This certificate allows your browser and the server you are connected to to create a secure encrypted connection, allowing data to safely and securely pass back and forth. You may be asking how one gets one of those fancy “SSL” certificates. The answer, as with much on the web, is multi-faceted. There are a few web hosting providers out there that have been given the authority to “vouch” on your site’s behalf and say that your site is safe to create a secure connection with. So, getting an SSL certificate with them is just a matter of having monthly hosting services with that provider. Once installed, it will allow browsers to make that secure connection, and off you go, feeling more secure about everything web-related. If your hosting company does not provide the service then you have to go to a company that can issue the certificates and have a web designer or someone who understands the process setup the SSL certificate.
So, at this point you may be thinking, “I don’t collect any sensitive information, so I shouldn’t need one of those certificates, right?”. Well, in the past; yes, that would be true; however with the new changes that Google is implementing, the internet giant has started “shaming” non-secure sites by placing a “not secure” message next to the site address in the URL bar.
Then, in the future—Google is not saying exactly when yet—Chrome will flag all sites that don’t use TLS encryption as “Not secure” and also display a red triangle indicator, which Chrome already uses when users go to a dangerous website.
What Google is essentially saying is this: “Even though you aren’t collecting any information, your site should be secure, and if it isn’t secure we’re going to let everybody know that”. As if telling the world that your website isn’t secure wasn’t enough, Google is taking things one step further and listing HTTPS as a ranking factor for organic SEO.
Getting Your “S”
So, you’re starting to understand what SSL means and have decided that you need the power of the “s” for yourself. First off, good choice. Second now you have to figure out, “How do I get an S”?
There are a few ways to achieve this. The easiest is usually to contact your web host and have one created for you and installed on your site (beware as there is varying cost associated). Some providers even work with Let’s Encrypt, an SSL service which allows you to get a free certificate for your personal use. That tend to be the easy part.
Once you have an SSL Certificate, do you go to your site using the “HTTPS” and see the green lock? No, unfortunately just having the certificate is not enough to make a site secure. Some of the steps still required after getting your Certificate installed will be:
- Updating all links on your site to point to the “https://” version of each page ( your site isn’t secure unless all assets, images, files and scripts it uses are also utilizing the “HTTPS”. )
- Changing your site to force the “https://” protocol to load so it doesn’t still go to the “http://” version of the site
- Add any necessary redirects to go to the new secure URLs
- Update your domain in Google’s search console and resubmit your sitemap ( this will help greatly with SEO and maintaining your current traffic )
As you can see, there is quite a bit to do to update to the power of an “S”. However, it’s a process that should only need to be done once and then you are secure in the knowledge that your visitors are safe and will (metaphorically) thank you for having their security in mind.- - -