HTTPS: what it is and why you need it

What is HTTPS?

HTTPS (Hypertext Transfer Protocol Secure) is the secure version of HTTP which is the protocol used to transfer data between web browser and web servers. When you visit a site with HTTPS and type information into form fields the data is encrypted while it travels to the server.

What is the difference between HTTP vs HTTPS?

A screen shot from Google Search Console showing that some pages are not served with HTTPS

The main difference is that the data sent via the older HTTP protocol is not encrypted and can be read and understood by any third party trying to obtain the information. This is especially problematic for sites like e-commerce sites which require the transfer of sensitive user data like credit card information, names, addresses etc.

Why is it essential for my site?

Apart from the fact that you obviously want to protect your users from ill-intentioned hackers, HTTPS has quite simply been made obligatory by Google. The search engine made the use of HTTPS obligatory several years ago and now any site that doesn’t have it is blocked by the browser and a page is displayed indicating that the site may be dangerous.

IMPORTANT: If you don’t have HTTPS installed your site will not rank in search results!

How can I tell if my site uses HTTPS?

The simplest way is to look for the padlock in the address bar of your browser. Often the protocol “https://” is not displayed but if you click on the address it is added on at the start.

You can check if all the urls on your site use it correctly in two ways :

  • Use site crawler software (for example Screaming Frog) which will give you a list of every single url on your site
  • Test random pages in your site by removing the “s” from “https://” and hitting enter. It should refresh from “http://” to “https://”.

How do I install HTTPs on my site?

If your web site doesn’t have it then you need to look at your hosting plan dashboard, as most hosting has HTTPS available, usually for no extra charge. If it’s not an option then you need to change hosting providers. In the hosting account dashboard look for “https” or “SSL certificate”.

What is an SSL certificate?

An SSL certificate is a kind of digital ID card that needs to be installed on the server to enable it to prove its identity and create a secure encrypted connection.

If your page urls don’t refresh automatically from “http://” to “https://” then you need to talk to your site developer or administrator.

More information