Having an unsecured website from this point forward could give you more issues than just Google. Your visitors may no longer trust your website. Learn why it’s time to secure your website. Wearewood can help.

Back in 2014, Google announced a call for HTTPS to be used by every website on the internet. Google has a desire to create a more secure internet, so you may be wondering what HTTPS and SSL are all about.

What is HTTPS?

HTTPS is the acronym for Hypertext Transfer Protocol Secure. It is a protocol used for secure communications over a computer network, like the internet. Communication over HTTPS is encrypted between the client and the server so eaves droppers don’t listen in, no one can tamper with the data, and your website data therefore isn’t forged.

What is SSL?

SSL is the acronym for Secure Socket Layer and is often used interchangeably with the term TLS – Transport Layer Security. Both are cryptographic protocols that help encrypt communications over a computer network. Typically, if a website wanted to encrypt the transmission of its data between the server and the client, they would purchase an SSL certificate that contains an encryption key that is placed on the server.

Why should you care about HTTPS and SSL?

In order to access most websites, the URL begins with “HTTP.” This is the unsecured version of the protocol that transfers data between the web server and the browser on your computer or smartphone.

Google sees 3 reasons for securing your website with HTTPS and SSL. They are “Authentication,” “Data Integrity,” and “Encryption.” These 3 reasons speak to a number of issues when it comes to communications over the web.

  1. Authentication addresses the issue of verifying the ownership of your website. Believe it or not, there are people out there that make replicas of websites and divert traffic to it in an effort to steal from you. Most people now know that they need to check for the Green Lock in their browser before entering personal information into the website. You can go one step further and verify the SSL certificate to make sure it belongs to the website you’re on.
  2. Data Integrity speaks to whether or not the data on the site has been tampered with while it’s in transit. If someone knows what they are doing and your website is not secure, they can tamper with the data transmitted from your server back to the client. The form submission that the client just sent could go to the hacker and not to you.
  3. Encryption refers to the security of communications between the client and the server so that no one else can read them. This is a key point for commercial websites. While it’s extremely important to encrypt the communications on an Ecommerce website, it’s equally important to encrypt the data submitted using forms.

What does an SSL Certificate Cost?

The cost for an SSL certificate will depend on your website’s hosting provider, who they buy the certificate through, and the type of certificate they buy. There are three types of certificates.

  1. A Single Domain – This type of SSL certificate is only valid on one domain URL.
  2. Multi Domains – Also known as a Universal Communication Certificate (UCC) this secures multiple domain names and multiple host names within a domain name. You would set a primary domain and can add up to 99 additional Subject Alternative Names (SANs) in a single certificate. This is great for businesses with multiple sub domains and URLs for different service, product lines or geographic locations.
  3. Wildcards – This type of certificate is for securing all of the subdomains you may have for a single domain.
    When selecting your SSL Certificate, please consult with your web host, marketing agency, and IT department to make sure you are selecting the right option for your entire business.

Wearewood are offering our clients a FREE SSL certificate with a one off £50+VAT set up charge to install and check all URL’s are using the https:// server correctly.

  1. FREE SSL, automatically renews monthly£50 admin fee
  2. Domain SSL @£49, renewable annually + £50 admin fee
  3. Extended SSL @£249, renewable annually + £50 admin fee
  4. Prices are subject to VAT at the prevailing rate.

What is the process of changing my website from HTTP to HTTPS?

At Wearewood we are prepared to help our clients make this transition as simple as possible with little or no interruption to your website. There are potential issues that can happen during this transition, which is why this is not a DIY project.

Below are a few updates we will need to make to get your website converted to HTTPS:

  • Help you secure the correct certificate for your website, if you are hosted with Wearewood.
  • Install the certificate on your website.
  • Update the configuration of your website to point to HTTPS instead of HTTP.
  • Redirect all incoming requests for your HTTP website to the location of the HTTPS site.
  • Re-verify ownership of your website in Google Search Console and update the sitemap location.
  • Update your web property’s configuration in Google Analytics.
  • Test and confirm that the conversion was successful.

PLEASE NOTE that the domain of your website is not changing, but the address to get there is. HTTP and HTTPS request your website from two different ports on the web server. Because of this, there is a risk that traffic to your website will drop briefly as Google works to re-index your site. This is also why making sure your re-directs are working seamlessly is extremely important.

IMPORTANT MARKETING CONSIDERATIONS:
If you have any marketing tools or digital ads pointing to your website you will want to update the URLs they are pointing to. While redirects will be set up to send HTTP requests to the HTTPS URL it’s still best practice to change them, as redirects slow the request time and could decrease visitors and conversions.

What do I do next?

You need to decide when you want to make the switch to HTTPSContact us sooner rather than later so you can stay ahead of the competition and serve your visitors with a secure connection to your business.