HTTP to HTTPS: Why you need HTTPS for your website, today
by Merrily Chopp | April 27th, 2016
Think you don’t need HTTPS for your website? Well, you do. Even if your site does not sell products via e-commerce, web security risks exist for plain HTTP connections. And search engines are starting to lower non-HTTPS sites in search ranking. Even the US government is moving all their sites from HTTP to HTTPS. Here’s why you should, too.
Why Move from HTTP to HTTPS
Without HTTPS, a user’s connection to your site can easily be monitored or modified. Non-HTTPS connections could even allow your site to be impersonated by a hacker.
According to CIO.gov, a properly-configured HTTPS connection guarantees three things:
Over HTTPS, a visitor’s connection is encrypted. This obscures their stored cookies and other sensitive user data.
HTTPS ensures a visitor is talking to your “real” website, not to an impersonator or a “man-in-the-middle” who stepped in.
HTTPS connections mean data sent between a visitor and your website has not been tampered with.
In addition, there are some newer incentives emerging that make moving your site from HTTP to HTTPS even more important.
- HTTPS for SEO
One of the biggest reasons besides security to move to from HTTP to HTTPS is that Google may soon start penalizing non-HTTPS sites in search results.
- HTTPS for User Experience
Browsers are starting to design more noticeable security icons for the address bar. Users are going to get accustomed to an icon that indicates HTTPS, and may suspect your site if it doesn’t have it.
- HTTPS for General Security
In principle, all form submissions should use SSL/TLS by default, even if there is no explicit compliance requirement. Those requirements are based on universally acknowledged best information security practices. If the data your site is handling is confidential in any sense, you should be using these same practices. This is especially relevant when credentials or other personal information are being passed over HTTP.
Want to know more about this topic? Read my entire HTTPS post over on Medium. Over there I answer questions, such as:
Is there any particular type of organization that should care more about having HTTPS than others?
If I don’t offer e-commerce, why would I want HTTPS on my site?
What does upgrading to from HTTP to HTTPS involve?
How does moving to HTTPS fit into an overall security plan/update?
What is the cost to upgrade to HTTPS?