On 7 August 2014, Google announced that their algorithm will give a slight ranking boost for websites on https. The reason behind this move was their desire to make the internet safer for those who access other websites from Google.
However, given that https was just a lightweight signal, affecting less than 1% go search queries globally, webmasters who jumped on the news then and migrated from http to https generally reported negligible ranking benefits. Many others therefore procrastinated making the move as there appeared to be no visible benefit and only risk, as improper implementation can result in ranking drop.
Still Google was adamant about their vision of seeing HTTPS everywhere. So in October 2017, through their Chrome browser, they begin marking on the address bar, webpages that collect information via webform as “Not Secure”. They further up the ante in July 2018 when they started marking all non https websites “Not Secure”, regardless of whether these websites were collecting information or not.
With Chrome leading the way, all the other major browsers, like Safari and Firefox followed. Today, if your website is not on https, all major browsers will mark it as “Not Secure”, which in turn may discourage some users from visiting your site.
What is HTTPS?
HTTPS stands for Hypertext transfer protocol secure and is the secure version of HTTP, a web protocol for the data transfer over the internet. HTTPS secures a web connection between the user’s browser and the website he is visiting by adding encryption, authentication and integrity to the data transfer process.
In layman terms, the data shared between a user and the website is protected by encryption from the prying eyes of hackers in what has been come to known as man in the middle attacks.
Benefits of HTTPS
Lightweight Google Ranking Factor
Though currently a lightweight signal that is unlikely to give you much of a ranking boost, Google has indicated that the weightage placed on https may increase in future. And as more websites adopt the https protocol, there may come a time in the not too distant future where websites not on https may be negatively affected, SEO wise.
Prevents “Not Secure” Warning
Any website currently not on https is marked as “Not secure” on Chrome and all major web browsers. This marking is clearly shown on the address bar and may deter visitors from visiting your site.
In contrast, sites on https are rewarded with a lock on the address bar, thus increasing the confidence and trust users will place on your website. And increased trust usually leads to better conversions and profits for the site owner.
In addition to marking websites as “Not Secure”, Chrome, from version 85 onwards has upped its ante on mixed content (i.e. https pages with links to http content such as images or links). How? By preventing users from downloading certain categories of mixed content.
Mozilla too have upped their game, with an optional HTTPS-Only mode introduced in Firefox 83.
From these developments, it can clearly been seen that the days of http websites are numbered and for the sake of future compatibility, non-https website owners should consider migrating their websites to https.
Prevents Man In the Middle Attack
Unlike http where data is sent via plain text, data packets sent over https are encrypted. Even if a hacker were to eavesdrop on the connection, without the private key, the hacker will not be able to decrypt the data, thus protecting it from prying eyes. This is especially important if the user is performing a banking transaction or making an online purchase on an eCommerce site, where credit card information is being transmitted.
But even if yours is not an eCommerce website, without https, it is possible for a hacker (the man in the middle) to inject his own content onto your site, tricking your customers into making unauthorised or fraudulent transactions with him. Https eliminates this possibility.
What You Need to Know
In the past, the cost of securing a SSL certificate needed to implement https was prohibitive to some and thought of as an unnecessary expense to many others, especially if theirs is only an informational website rather than an eCommerce one. But these days, cost is no longer a factor as it is now very easy to get your hands on free SSL certificates. cPanel, from WHM 58 onwards have included AutoSSL in their service offering and there is also Let’s Encrypt, an organisation providing free SSL as a public service for the benefit of all.
As such, we strongly suggest that everyone builds their new websites on https. As for owners of existing non-https websites, it’s time to seriously consider a https migration as well. However, just to be safe, do ensure you engage a web developer who understands SEO, as the risk of a ranking drop is still there if a site is improperly migrated.