HTTPS And SSL Explained

The topics we are going to cover include:

• What Is HTTPS and SSL
• The 3 Benefits of SSL
• The 3 Types Of SSL
• Googles Goal
• Where Are We Now
• Conclusion

For those who prefer watching to reading

What is HTTPS and SSL?

Everyone is familiar with seeing in the address bar of your browser the http://mydomainname.com, but do we know what the http bit stands for? Most people probably not.

HTTP -  Stands for Hypertext Transfer Protocol and this is basically a standard way for your computer to communicate with another computer via your browser, whether that is Google Chrome, Firefox, Safari or any of the numerous other browsers out there. HTTP has developed over the years, which is why you can do a lot more fancy stuff while surfing the internet than you could just 5 or 6 years ago.  But HTTP is still an unsecure way to transfer data between your computer and the server, any data transferred by HTTP is open for anyone to see and some people can actually change it or copy it. So as we started to use the internet for more and more things, other than watching crazy kid videos, things such as banking, there had to be a way to secure this data transfer. So they gave it the catchy name of HTTPS.

HTTPS - Stands for Hypertext Transfer Protocol Secure, did you guess it right? So this is the standard way for your computer to communicate with another computer via your browser but securely. To perform the security bit HTTPS uses a security layer called SSL (Secure Sockets Layer) and in simple terms what this does is add whats known as End to End Encryption, so that only your computer and the web server you are connecting to can actually decipher the data.

The 3 Benefits Of SSL

1. Privacy - because your data is encrypted that means that no third party can “listen” to your conversations, track your activities or steal your information. Which is good when you are transferring money to and from your bank account.
2. Data Integrity - If anyone tries to modify or corrupt the data during transfer then when it gets to the other end to be decrypted it will cause an error. So no one can change the data you have sent without it been detected.
3. Authentication -  If when it gets to its destination and it is successfully decrypted then it proves that you are communicating with the genuine site. This obviously prevents “man-in-the-middle attacks” and builds a users trust of your site. We will all have had an email from our "Bank", even if you don't have an account with them. The emails look genuine but when you click on the link you notice straight away that the address in the browser is not the address of your bank.

The 3 Types Of SSL

There are 3 types of SSL certificate that you can get but for the majority of businesses you will only need the first one, but I wanted to mention the others just for completeness.

1. Single Domain SSL (Single Name) -  As the name implies this SSL certificate protects a single domain. Its perfect for your simple and straightforward content based local business or E-commerce sites where all of the transactions occur on a single domain. This is usually the cheapest.
2. Multi Domain SSL (SAN) - Again as the name implies this SSL certificate protects multiple domains. SAN stands for Subject Alternative Domain. It gives you more flexibility in that you can buy one for a set number of sites even if they don't exist yet, but once you put them up they will be protected by the SSL certificate.
3. Wildcard SSL - This is usually the most expensive as it protects all of the sub domains on a single root domain or a host.

Googles Goal

Google has had a goal for a number of years to make the internet a more secure place. So HTTPS is Googles vision for a secure web.

Google actually started to try and secure the internet back in 2014 when they stated to Webmasters that HTTPS would become one of their ranking factors. Insinuating that sites that have HTTPS would rank higher than those that only have HTTP. This was initially there way to get the Webmasters to implement HTTPS.

Backlinko analysed 1 million search results and found that HTTPS did have a strong correlation with first page rankings. But before you get all excited and think that all you have to do is to add SSL to your site and you will rocket to page one, sorry but it isn't that easy. What it mean is that if you are competing with another site and yours has HTTPS and theirs is only on HTTP then you will win that race.

Where Are We Now?

So 3 nearly 4 years on what is the state of play? Well according to Ahrefs there is still 65% of websites that don't have HTTPS or have it set up incorrectly. So even though the majority of sites on page one do have HTTPS there is still a huge number out there that don't have it.

In October 2017 google started applying a bit of pressure for Webmasters to add SSL to their sites. They did this by making a warning pop up inside Google Chrome for any site that doesn't have HTTPS. Any site that doesn't have HTTPS will now show the not secure warning inside Google Chrome.

Now why is this important to you?

Because when a visitor lands on your site if it is not secured on HTTPS then they will see the "Not Secure" message in the top corner of their browser, and if you website has a contact form or request a quote form etc. and the visitor clicks on the warning Google will show the message "This site is insecure do not enter personal information".  As everybody these days is very sensitive about their security online what sort of impact do you think that will have on you building trust with your visitors and then turning them into customers.

If you have your site connected to Google Search Console, which you should have and Google Analytics, but thats another video and post you can find at Google Analytics - Connecting Your Site. Google will have sent you a warning telling you that your visitors will get these security warnings and your site will be listed as not secure.

You might be thinking but its only Google Chrome so I don't need really bother about it. Its not as Firefox has already started to add it to there browser, so the other browser will no doubt be following suit. But even if it was only Google Chrome as over 50% of searchers use Google Chrome to search with it could still cause big problems for converting the visitors to your site into customers.

Conclusion

So that is what HTTPS and SSL is and why it is important to get it installed on your website if you haven't got it. Even if it is not much of a ranking factor think about if you clicked onto a site that was on the top of page one and you saw that it was insecure would you stay? or would you go and find a secure site?

If you don't have a webmaster looking after your site can you add SSL to your site yourself?

The answer to that will depend on how technical minded you are, and the host you are with some are a lot better than others. There are a number of videos on YouTube which will tell you how to install it, which is why I haven't created one.

Just one point to be aware of some of the hosts will offer a FREE SSL certificate from a site called Lets Encrypt. Lets Encrypt is a non profit company whose goal is to make the Web a safer place. But the big difference between a paid certificate and the free one from Lets Encrypt is the time frame. With a paid certificate it is just like when you bought your domain you can register it for a number of years. The free certificate from Lets Encrypt has to be re verified  every 90 days, if you forget then your site reverts back to being just HTTP.