HTTPS stands for Hypertext Transfer Protocol Secure. It is an extension of HTTP, the communication protocol that governs the majority of transactions between browsers and servers on the Web. The “Secure” component of HTTPS attaches to the former protocol a certificate of authenticity and encrypts the data exchanged between the parties. HTTPS can be referred to almost interchangeably as SSL and TLS.
What does HTTPS do that HTTP doesn’t?
From a user’s perspective, HTTPS…
- guarantees that your interlocutor on the network is who it says it is.
- ensures that no data is lost during transfer.
- makes it virtually impossible for anyone to intercept, or listen in your communication.
Does HTTPS work with everything?
Yes. HTTPS can be setup on any server. HTTPS has been around since Netscape invented it in 1994 and is built in every web browser since before its standardization in 2000.
WordPress users should check out Backbay’s current offer: You might save yourself both money and worries by upgrading to HTTPS with the help of Backbay’s services.
Will HTTPS affect the users of my website?
Barely. Once the protocol is in place and the communication is established, the user’s browser will display an indicator to the effect that the server is authenticated and that the exchanges are secured. In most case, this indicator takes the form of a padlock-like icon in the URL bar of the browser. Otherwise, from a user’s point of view, there is no visible or functional side effect to using HTTPS.
Do I absolutely need HTTPS for my website?
No. There is no technical, legal or business-related requirement to install HTTPS, unless your site:
- engages with its users through a form to collect personal information
- presents information that is confidential
- needs to establish a trusted relationship with the user
This being said, while not strictly speaking an absolute necessity, there is no reason why anyone should be lenient with security and skip HTTPS.
Can I install HTTPS myself?
Assuming that you have access to your server configuration and enough knowledge about the technical aspects of web server technologies, then the answer is yes. Many popular hosting services recently started to offer a one-click solution to converting your site to HTTPS.
What does it cost to upgrade to HTTPS?
It varies. There’s no cost to upgrading to HTTPS per se. However, in order to install the security layer, you are required to provide a digital certificate of authenticity. Such certificates are typically issued by a third-party and require a recurring (annual) payment. However, recent advances in technology allow administrators to install self-generated certificates without the need of going through a third-party — making those virtually free.
Though the cost is minimal, the process of moving to HTTPS requires a relatively complex server configuration, which can be time-consuming. Last but not least, the upgraded website will need to ensure that every resource displayed is also secured. In most cases, this means that some markup code will need to be adapted .
What are the downsides of HTTPS?
None significant. There are very few issues related to HTTPS:
- The amount of computational power on the server side is increased, mostly due to the fact that data is now being encrypted/decrypted at every stage
- Some older browsers will refuse to cache the files and resources transferred via the secure layer, making them impossible do download.
In the vast majority of cases, these issues are not significant or a cause for concern.
Will an upgrade to HTTPS affect my ranking on Google?
Yes. While HTTPS is only one of many ranking factors for Google and its peers, it plays a key role in ensuring that the data that those engines collect is authentic.
Can I just pay someone to do this for my site and forget about it?