Open in app

Sign in

Write

Sign in

Change Your Website From Zero to Hero

Tomek Rudzki
Onely
Published in
6 min readSep 26, 2019

You more than likely know that the two most popular protocols used for communicating between users and web servers are HTTP and HTTPS.

HTTPS is a protocol that allows two systems to communicate with one another securely. HTTPS stands for “Hyper Text Transfer Protocol Secure.” It is not the same as HTTP.

If your website uses the HTTP protocol, all the exchanged data can be read (and modified!) by third parties (Internet Service Providers, network administrators, hackers).

When you use HTTPS, your data is encrypted. This means third parties can’t read the exchanged data.

Using HTTP is like sending an important letter in an unsecured envelope. In contrast, using HTTPS is like sending important documents by courier, in a safe which only you and the receiver have the combination to.

Despite the fact that HTTPS is getting more and more popular, only 48% of the top 1M websites use an encrypted connection (as of September 2019).

In this article, I would like to give you SIX inarguable reasons why EVERY website should move to HTTPS.

Want to know more about HTTP, HTTPS and the rest of the URL? Then this video is for you:

1. Google Chrome Marks all HTTP Websites as “Not Secure”

Chrome has marked all HTTP websites as not secure— with no exceptions!— since the release of Version 68 on July 24, 2018.

This is a pretty big deal.

If you have an HTTP website and your clients receive information that YOUR website is not secure, it will definitely diminish the users’ trust in your business. Currently, 6 out of 10 internet users use Chrome and it’s growing. So you can expect 60% of your users will see that your HTTP website is NOT secure.

2. SEO Boost

HTTPS has been a confirmed as an official ranking signal in Google Search Engine Rating Pages since August of 2014.

For now, using HTTPs will give you a bit of a boost in Google’s rankings, and it will most likely increase in the future.

In Google’s official announcement it reads:

“ . . . over time, we may decide to strengthen it, because we’d like to encourage all website owners to switch from HTTP to HTTPS to keep everyone safe on the web.”

Note: you may notice a temporary negative side-effect while migrating.

This is because Google has to recalculate all the SEO signals. However, if you do the migration properly, you should be fine in the long term.

3. It’s Very Easy to Hack an HTTP Website, Even for a Child

When you have an HTTP website and your users connect to it in public spaces, anybody can hack it, even a 10-year old. It’s as easy as installing a special browser plugin or tools like WireShark. That’s it.

If an attacker is connected to the same WiFi network as you, they can have access to all the HTTP packets you send and receive. They can:

  • see exactly what content you’re viewing, which articles you read, what type of movies you watch on the internet, etc.
  • steal your login credentials.
  • inject malicious code.

All of this is much more difficult if the connection is secure (HTTPS).

4. Preventing Data Tampering

If you use an HTTP connection, internet service providers, or WiFi Hotspots can inject their own ads (and malware!).

As far as I know, this is against the law. But, it’s happening, as can be seen in articles like “Chinese ISPs Caught Injecting Ads and Malware into Web Pages” and “Comcast’s open Wi-Fi hotspots inject ads into your browser”.

Theoretically, if you use an HTTP connection, it’s very easy for governments and Internet Service Providers to spy on the content your visitors are viewing. I wrote “theoretically,” because, despite the fact that it’s technically possible, I have no clear evidence that any government has done it.

But, it’s not science fiction. Let me quote James Donohue, a developer at BBC News:

“HTTPS makes it far more difficult for ISPs to track which articles and videos you’re looking at or selectively suppress individual pieces of content. We’ve seen cases outside the UK with some of our World Service sites where foreign governments have tried to do this.”

5. If you Use HTTP, Google Analytics May Show the Wrong Data

Google Analytics is a great web analytics service. But, did you know that if you have an HTTP website, it may classify some Referral traffic as Direct and lead you to the wrong conclusions?

Why? Because of the way internet protocols work, the referrer’s data is not passed if a user visits a secure (HTTPS) website and clicks on a link pointing to an unsecured (HTTP) website.

6. HTTPS is the Future of the Web

If you want to implement the most recent technologies like AMP, HTTP /2, or PWA, it’s required to have an HTTPS website. Let me explain what these acronyms stand for:

  • AMP (Accelerated Mobile Pages) — is a project designed to improve the performance of web content. AMP allows you to create lightweight pages intended for mobile devices. AMP pages consist of HTML and limited CSS. Only asynchronous JS scripts are allowed on AMP. Major Content Management Systems, including WordPress support AMP. For now, it is used by 25+ million domains.
  • HTTP/2 — is a relatively new internet protocol (used by 40.9% of websites (as of September 2019). It provides many performance improvements over the 18-year old HTTP 1.1 protocol. If you want to use HTTP/2, you have to have an HTTPS website.
  • PWA (Progressive Web Apps) —is an emerging trend of creating websites that act like apps (they respond quickly after user interactions, and load fast even when using a slow internet connection).

Caution, Please!

Although there are many advantages of using HTTPS, implementing it is not as easy as clicking Enable HTTPS.

  • First of all, you have to set up 301 redirects from HTTP to HTTPS and update all the internal linking to avoid redirect chains.
  • Prepare to fix mixed content. If you have an HTTPS website and use images hosted on HTTP, they may not appear because of mixed content issues.
  • HTTPS requires more computing power, so if you have a big website, you will pay more for hosting. Be prepared.
  • Using HTTPS is very important, but it will not make your website 100% secure.
  • Implementing HTTPS may make your website slower. You can mitigate this by using resource hints like dns-prefetch and by implementing HTTP /2.

Despite the aggravation, migrating your website to HTTPS is definitely worth doing.

You may want to read about how big brands like BBC and The Guardian implemented HTTPS. And another interesting resource can be found here.

Wrapping Up

I hope it’s now obvious that every professional website should migrate to HTTPS. It should also be stressed that moving to HTTPS is much easier than it used to be.

If you have a small website, you can even get your SSL certificate for free by using Let’s Encrypt or CloudFlare.

The takeaway is clear: move your website to HTTPS as soon as possible.

Want to know more?

Website Security
Technical Seo
Website Performance
Search Engine Optimizati
Website

--

--

Tomek Rudzki
Onely

Written by Tomek Rudzki

9 Followers
Writer for

R&D Specialist & Technical SEO @onely

Help

Status

About

Careers

Press

Blog

Privacy

Terms

Text to speech

Teams