HTTPS secures the connection to the website you are visiting. I’m sure you have seen this in action; look at the address bar in the browser and find the lock icon on the left-hand side. Is the lock closed? Then the connection is secure. Is it open or is there another type of icon or message? Then it’s not secure and vulnerable to attack. Using a site over a non-secure connection means hackers/criminals could intercept the data you send to the site, like your password and email address. Here, I’ll explain what HTTPS is and why it plays a role in (technical) SEO.
HTTP vs HTTPS
When you type in a URL in the search bar, your browser asks the site for its IP address – for instance 123.456.7.89. This number is the actual address that a site gets online. The browser connects to this number in the hopes this is the correct site. This is all done in plain sight and there is no encryption to be seen, so everyone can intercept this traffic. So when you want to log in to a site that you connect to via an HTTP connection, the data you enter – username and password – is sent in plain text. Trust me, that’s really bad. Think about what would happen if you’d connect to your bank this way.
HTTPS secures this process. HTTPS encrypts the connection between the browser and the site, therefore making sure that no one can intercept the data sent between those two. Every site that wants to secure itself needs a so-called SSL certificate. The browser checks the certificate of the site and verifies its legitimacy with the company that issued it. If you want to see who issued the certificate, please click on the lock icon. By using HTTPS, sites not only secure your login procedure and personal data but also what you do on a site and which sites you visit.
Besides securing the web, HTTPS is necessary for sites that want to upgrade to a new, safer and much faster internet protocol called HTTP/2. HTTP/2 includes different new technologies that make sites a lot faster to load.
Value of HTTPS for the user
Everyone has the right to privacy on the web. We are doing so many mission-critical things on the web these days that we can use any kind of security we can get. An ever-increasing number of websites is making the move to HTTPS. In the screenshot below, you can see that at the moment, 61% of the sites that Firefox loads are being sent over HTTPS (stats by Let’s Encrypt). HTTPS is a must for any type of site, even if you own the bakery around the corner and don’t send or request sensitive data via your website.
Value of HTTPS for SEO
In 2014, Google announced that HTTPS would become a ranking signal. Today, your rankings will hardly change when you activate HTTPS. But it’s not just about rankings as much as it is about user experience and gaining trust with your future customers. It’s inevitable that we are moving to an all-HTTPS web. It is, therefore, incredibly important that your site makes the switch to HTTPS in the coming year.
Several browsers now show ‘not secure’ messages when your site doesn’t have an HTTPS connection or when you try to send data via HTTP on your HTTPS site. Don’t forget, it’s easy to scare off visitors! Wouldn’t you switch over to the site of a competitor when you’d see something like the ‘not secure’ message in the screenshot below?
Make the switch to HTTPS
A few years ago, switching to HTTPS was a major undertaking. Some big sites waited years to do it because it came with several challenges, like speed issues and the cost/benefit issue. These days, while still not easy, it’s manageable. If you’re planning to make the switch to HTTPS, be sure to make a checklist so you don’t forget anything during the process.
Joost shared some advice in a recent Ask Yoast video on moving to HTTPS:
Forcing HTTPS is something that you need to test really well. There are all sorts of things in your site that probably aren’t HTTPS ready that you should know of upfront. I know it was a lot of hard work to get yoast.com to HTTPS and we don’t even have ads. Especially ad services can be really tough to get working on HTTPS.
The Let’s Encrypt project — which Yoast proudly sponsors — issues free certificates to anyone wanting to secure their site. Several web hosts even offer free Let’s Encrypt services that make the installation of a certificate as easy as pie. That is, however, only one piece of the puzzle. On Google’s Secure your site with HTTPS site you can find more information on best practices. We’ve written a guide on moving your site from HTTP to HTTPS. If this stuff scares you it is best to hire an expert!