phone

7 Things You Need To Know (And Do) About HTTPS

IMPORTANT UPDATE JULY 24TH

Google just released the Chrome 68 update which will start marking all HTTP sites as NOT SECURE!  If your site is not using HTTPS your visitors will be warned that your site is NOT SECURE starting today.

Contact us if you need help securing your site.

Within the past year, the number of hacked websites has risen by over 30%.

In fact, over 30,000 sites are hacked every single day. Hacking doesn't just cause you to lose revenue when your site goes offline, or force you to pay hefty ransoms to hackers to retrieve your data.

It can also completely destroy your brand's reputation, causing your customers to lose faith in your ability to keep their private, sensitive information safe.

In some cases, companies that have been hacked may even be subject to lawsuits.

Cyber hack lawsuits

If you don't already, now is the time to start taking online security seriously, whether you run an Ecommerce platform or a more standard company website.

Often, better security begins with understanding the all-important HTTPS certificate. In this post, we'll break down everything relating to HTTPS and SSL, including what they are, why they matter, and much more.

1. What Is HTTPS?

Before we do anything else, let's first get a clear definition of what HTTPS and the HTTPS certificate are. "HTTPS" stands for "HyperText Transfer Protocol with Secure Sockets Layer." HTTPS is not the same thing as "HTTP" (more on that difference in a minute).

While the name might sound complicated, the purpose is actually quite simple. In a nutshell, HTTPS is what protects you and your consumers' credit card information, passwords, and any other secure browsing data while they're on a website.

Often, HTTPS will be symbolized in the browser bar by the presence of small green padlock, sometimes with the word "Secure" next to it.

What is HTTPS?

HTTPS is a method of data encryption.

This means that, when you first access a site, your web browser swap cryptographic keys that don't allow anyone other than your specific browser and the server you're currently accessing to decrypt the information you enter into the site.

Think of it as though the server and your browser are speaking their own secret language, which only the two of them can understand. When you first visit a site that has an HTTPS certificate, your browser runs a quick security check to make sure that certification is legitimate.

It's kind of like asking to see someone's ID at a bar, and making sure that the picture on the ID is of the person standing in front of the bouncer. An HTTPS certificate ensures that no one is entering that bar with a fake ID.

2. HTTPS vs. HTTP

Now that you have a better understanding of HTTPS, let's discuss how it differs from the far less secure "HTTP."

In the old days of the Internet, pretty much every website you visited had only HTTP "certification." This meant that when you were browsing the web and entering your payment information onto a website, it really didn't take much effort for hackers to gain access to it.

This is because HTTP sites don't have their SSL certification, which means that none of your data is encrypted. (To follow our above example, everyone is speaking the same language, and everyone is listening to the private conversations around them and taking notes.)

Over time, as hacking methods become more complicated and the overall rate of hacking increased dramatically, it became clear that the web needed to change. Enter HTTPS certification.

Another reason why so many people prefer an HTTPS certificate to HTTP?Because more of their browsing data is kept private.

No one enjoys the feeling of being watched, and sometimes the re-marketing campaigns or ads that you see in your browser are just plain creepy.

While all Internet providers can still sell your history and data on the Internet to advertisers, HTTPS makes the process much more difficult. It also limits the amount of data they can see.

Finally, if you're using HTTP, the website you're visiting can be changed by your service provider at any time. This means they can make certain ads pop up, limit the information you're able to see on a specific website - you name it, they can do it.

But not with an HTTPS certificate, which stops this kind of tampering from network hosts.

3. How does HTTPS work?

So, how exactly does an HTTPS certificate work?

The actual algorithm is pretty complex, so we'll try to break it down in much simpler terms.

Have you and your neighbor ever exchanged house keys?
Exchanging Keys

In its simplest form, that's what an HTTPS certificate is all about - two servers exchanging keys. Only instead of unlocking a front door, it locks and unlocks data.

  1. First, someone accesses the specific website in question.
  2. Then, the server will check records of IP addresses to ensure that the website has a record and a secure host.
  3. Then, you'll be directed to the host web server. After that, a request will be put in for an SSL connection.
  4. Next, the host will prove to your server that it has an SSL certificate.

After that, a secure connection is established, and you can safely enter your information and browse to your heart's content. In order to have access to HTTPS, you'll need to work with a server that offers SSL encryption - meaning that is offers "mod_SSL."

You'll also need your own IP address so that the server providing you with an HTTPS certificate are able to verify that your site is secure and that you're the one actually running it.

4. Why Do Sites Use HTTPS?

There are countless reasons why sites elect to have an HTTPS certificate.

Of course, the main one is that it offers increased security a promotes a sense of trust and safety between consumer and buyer. However, there are lots of other reasons why so many people are switching their sites over to HTTPS and gaining an HTTPS certificate.

For one, it's the wave of the future. These days, the majority of HTTP sites have switched over to HTTPS sites (don't worry, we'll cover how to do just that a bit later on in this guide.)

Additionally, because of the popularity of HTTPS sites, consumers have the option of navigating away from HTTP sites and buying what they need from a secure competitor.

There's just no reason why a consumer should or would put their data at risk when a better buying option is available.

Plus, Google has officially confirmed that sites with HTTPS rank higher in their search engine results.

Site security effects page rank

The higher you rank in these results, the better your rate of conversion will be.

Also, if your site isn't secure, customers are sometimes actively discouraged from visiting it. They may get a message in their browsers saying that the site isn't secure and asking them if they really want to visit it.

The fact that a site is insecure may even pop up in the address bar, encouraging customers to leave. That's certainly not going to help you to grow your business.

5. What Is SSL?

Now that you understand much more about an HTTPS certificate, let's make sure you're equally clear on SSL, or "Secure Sockets Layer."

SSL is what actually makes your website secure, because it's what creates the encrypted link in the first place. If you want to create an HTTPS certificate, you'll first need to ensure that you actually have SSL certification.

SSL Certificate
  • This SSL certificate lists the name of your domain, the name of your business, your city, state, country, and address.
  • It also lists when that certificate will expire, and who issued you with that certification.
  • Each time someone accesses your site, that certification is checked to ensure that it is still valid.

Always take this seriously - if your certificate has expired, the server will let the person trying to access your website know.

How can you figure out if your website currently has SSL?

It's quite simple. In your address bar, your URL will need to read "https://www.mysite.com" and not "http://www.mysite.com". That one little "s" makes all the difference.

6. How Does SSL Work?

How exactly does SSL work?

As with an HTTPS certificate, the actual process of it all is fairly complicated, and you'll never really have cause to need to understand everything that goes into the certification process and the overall algorithm.

SSL makes both a Public and a Private Key for your website.

Your Public Key is immediately placed in what's called your site's Certificate Signing Request (CSR.) This is just another collection of data containing information about your website and its security.

When your secure website is being validated, servers will confirm that the information in your CSR is consistent with your Public key. Then, you'll officially get your SSL Certificate.

Next, that certificate will be linked up with your website's Private Key, which is what lets your server create encryption and protect the data of those who access your site.

7. How Do I Change From HTTP To HTTPS?

In this final section of our guide, we'll tell you how to change your website from HTTP to HTTPS to increase the security of your website.

Keep in mind that, for most Internet users, it's really best to rely on the services of a professional for this process.

Unless you have a serious comfort level with updating your website and making changes to its backend, you'll want to leave this part to the experts. When it comes to your website's security, it's just not worth taking a risk.

However, if you feel like you're capable of making this change yourself, then you can keep on reading.
  1. The first thing that you'll need to do is buy an SSL certificate from your hosting platform. You'll also need to pick up a dedicated IP address for your website, if you don't have one already.
  2. Next, you'll need to actually install the SSL certificate. Again, this is an area where people usually run into problems, so it's best to go slowly and call an expert immediately if you're having trouble.
  3. After you've installed the SSL certificate, you'll need to configure it.
  4. Next, it's smart to completely back up your website. This is just a precaution in case something goes wrong during the process. (Of course, if you work with a professional service, they'll perform this back up for you.)
  5. Afterwards, go ahead and configure the internal links of your website from HTTP to HTTPS. Then, make sure you've updated your website's plugins, JavaScript programs, and any other types of code your website is using.
  6. Do the same to your external links, and ensure that your htaccess applications and web servers have been switched over to HTTPS.
  7. Finally, you should create your HTTPS site within Google Analytics, update your landing pages and email links, and you're good to go!

What Else Do You Need To Know?

Thanks to this guide, you're now an expert on the HTTPS certificate. You understand what it is, why it's so important, and how it differs from the far less secure HTTP versions of websites.

But now that you know all of this, you've likely started to think about the overall security of your site, and the other factors that influence where you fall in the search engine rankings.

Online security, along with digital marketing in general, are both constantly evolving. The security measures and marketing strategies that you used even a week ago may be completely irrelevant in a few days.

So, what can you do to ensure that you're always on top of the latest developments when it comes to security and your site's overall effectiveness?

That's where we can help. Contact us to learn how we can get your website properly secured with HTTPS.

Final Thoughts

We have over ten years of experience working in the digital marketing world. We have offices in Chicago and Northwest Indiana, and serve clients across the United States.

Spend some time on our website to learn more about how we can take your company's website to the next level. Together, we'll work to increase your conversions, create better campaigns, and strengthen the security of your site.

We can't wait to make this year your most productive one ever. Get in touch with us to get the ball rolling.