What is HTTPS?

Many normal website URLs start with HTTP:// which specifies the standard language for a browser to download a website.

Unfortunately, that’s not secure enough to protect things like your login to your bank or any other site where you share important information like credit card numbers.

A secure site begins with  HTTPS://. HTTPS encrypts all the data between the browser and the website, protecting it from prying eyes. You should always check before filing out forms with sensitive information; the easiest way is to look for the green closed padlock symbol to the left of the URL.

What if my site doesn’t take credit cards?

It feels like it shouldn’t matter for a small business website that never asks for anything sensitive like a social security number or credit card. Therefore, why bother? Why spend money to change your site?

Because Google cares! As far back as 2014 Google said they were using it as a ranking signal and that they would weigh it more and more heavily as time went on.

Moz reported in 2016 that the portion of HTTPS sites on the first page of Google results had increased from about 5% to about 30%. Surely it’s even higher now.

Why small businesses need HTTPS

As a small business owner, you understand how tough it is to compete with larger, more established competitors. Every little thing that helps you rank better against them is critical to your business.

Even though HTTPS is not yet one of the half dozen strongest ranking signals on Google, it’s getting more important day by day. I believe now is the time it’s become important enough that it needs to be addressed, and earlier this year I converted this website to HTTPS.

Even your local small business competitors may be getting the jump on you by securing their own websites. You don’t want to be late to the party. Just see how widely this has become a “best practices” tool for you.

• HubSpot offers 5 Reasons Why HTTPS Should Be Enabled on Your Website
• Yoast explains it all as an essential “SEO Basic”
• Search Engine Journal considered it part of the 4 Most Important Ranking Factors
• SEMrush published a panel discussion on HTTPS as a Ranking Signal

How tough is it to do?

Here are the three steps involved, thanks to Amy Gideon at TAG Online, Inc.

Step 1: Obtain a secure certificate.  The type of certificate can vary depending upon your hosting company and the level of security you want and need. So make sure to first check with your web hosting company on what type of certificate you need.

Step 2: Once the certificate is installed, update your site to ensure that all links within the site are relative That means if your site displays an image called photo.jpg, the code that makes that image appear should be (assuming the image resides in the main directory): <img src=”/photo.jpg”>  as opposed to <img src=“http://www.yoursite.com/photo.jpg>. This is good practice for many reasons, but it also prevents the site from loading non-secure images, as the “http://” prefix will no longer work and would be insecure. Also update your site to ensure that there are no links or references that display content (PDFs or images, for example) linked from outside sites that are not secure. Here is a link to a tool that will scan your website for non-secure content: https://www.jitbit.com/sslcheck/.

Step 3: Test your site using HTTPS: if the green lock appears in the browser, then you can ask your web hosting company to redirect all requests to HTTP to now go to HTTPS.

Whether you’re a do-it-yourselfer or have your webmaster  do it, it’s time and effort well spent.

Comments, opinions, and disagreements are all welcome below. Join the conversation!

Need help with this or other aspects of optimizing your website? Give us a call.