Google recently announced that its Chrome browser will start warning users that standard HTTP web pages are not secure. This change should take effect with Chrome version 68. The move continues Google’s long-term effort to encourage website owners to implement SSL security.
As a result of the news from Google, companies now must scramble to add security to their websites, even when their pages don’t transfer sensitive information. Businesses that fail to convert their HTTP sites to HTTPS risk losing website traffic and suffering damage to their reputations.
What is HTTPS?
When an internet user visits an “ordinary” website, a hacker or snoop can view all the information sent between that site and the user’s web browser. For a long time, this has posed significant security threats, especially when people share their personal information with a website.
Website owners who want to inspire confidence can purchase an SSL certificate that attests to the authenticity of their site. The certificate also creates encrypted connections between the website and visitors’ web browsers. This means that no one can see the information being exchanged.
When you see the URL of a secure website, it looks different because it starts with HTTPS, not HTTP. Additionally, web browsers will usually display a green padlock or another indicator that assures you that your connection is secure. In Google Chrome, you should see a green padlock and the word “Secure” to the left of the address bar.
Benefits of HTTPS
So, by using HTTPS rather than HTTP for your WordPress site, you avoid displaying the troubling “Not secure” message in your visitors’ browsers. Additionally, you will probably improve the performance you get from website forms such as newsletter signups. Similarly, your visitors may consider buying something from your site, if they know their information is secure.
In addition to boosting security, HTTPS can improve the SEO performance of your website. For several years, the Google search engine has recognized HTTPS as a ranking factor. This means that an HTTPS website will appear higher in search results than an insecure site.
Migrating from HTTP to HTTPS
Now that you know what HTTPS is and how it helps you, your next step is to implement it on your site. You can complete the migration from HTTP to HTTPS in a few simple steps.
Get started by buying an SSL certificate. Before spending any money, check with your web hosting provider. Many popular Canadian hosting providers, such as CanSpace and HostPapa already include SSL certificates in their hosting plans. If not, you can buy your certificate either from your web host or from a third-party SSL provider, such as GoDaddy.
When you receive your activated SSL certificate, follow the directions that came with it to install it on your web hosting account for your domain. When finished, you should be able to access your site by typing HTTPS rather than HTTP.
Next, follow the instructions from your web host to ensure that all HTTP traffic to your domain gets automatically redirected to HTTPS. This will prevent people from typing in your old HTTP address, and see the browser warning when your content loads.
For websites running on the popular WordPress platform, your next step is to update your site URL from HTTP to HTTPS. Also, update all your image URLs and file links to HTTPS to prevent web browsers from displaying a “mixed content” warning. You can do this by manually checking each URL and making the necessary update. Alternatively, you can also use a plugin such as Really Simple SSL to automatically convert all HTTP URLs to HTTPS.
In conclusion, Google’s move to have the Chrome browser declare that all HTTP websites are insecure means that you should act right away to acquire and install an SSL certificate. When you do, you will give your visitors the peace of mind they deserve while benefitting from better performance in search results.