Switching to HTTPS

Switching to HTTPS (and Why It’s Important)

As you arrived on the site today, you probably noticed that you were redirected to a secure url and were presented with a wee padlock next to the url. That’s right: the Ambergreen site is now fully HTTPS compliant!

. . . But what does that mean?

I’m glad you asked. Basically, it means that when people visit our website, the data sent to our server and back is encrypted in between. On the old HTTP-only site, someone could potentially get in the middle of that process and read the stuff being passed between the browser and the server. Now they can’t.

It’s not just us. You’ll see lots of sites switching to HTTPS lately. So why now? And more importantly, what do you need to know for your own site?

Switching to HTTPS

Think back to when you would pass a note across the room in primary school. Your HTTP note can be opened by anybody in the note-passing chain, and they’ll know exactly what you’re sending. An HTTPS note can be understood only by the final recipient (as they have the key). Anyone else in the chain will see encrypted nonsense if they open it for a look.

So should you switch to HTTPS now? For our site, there are 2 main benefits.

The first is from a search perspective: Google mentioned back in 2014 that they were rewarding sites that use HTTPS with higher search visibility. Although we don’t accept payment details or have external logins, it’s very important for eCommerce sites or businesses holding sensitive data to use SSL certificates. And for us, at least we can be confident that no one is able to tamper with our staff photos.

This is the best!

Quoth Google:

“HTTPS sites receive a small ranking boost, but don’t expect a visible change. Google uses HTTPS as a positive ranking signal. This signal is one amongst many others, and currently carries less weight than high-quality site content; you should not expect a major SEO advantage for moving to HTTPS in the short term. In the longer term, Google may increase the strength of the HTTPS boost.”

The “should not expect a major SEO advantage” line was the main reason we didn’t make the migration to SSL a priority. Anecdotally, we’ve seen little evidence of tangible visibility benefits in search engine results pages, plus we’re typically pretty busy working on client sites in the SEO team. Sometimes need a kick to remember to spend time on the Ambergreen site!

Google’s Plans for Non-HTTPS Sites

The kick, and the second reason for migrating, is related to Google’s long-term plans for Chrome: in January this year, they’ll start warning Chrome users when they arrive on a non-HTTPS page that collects passwords or credit cards that the page is “non-secure.”

This is the first stage of a “long-term plan to mark all HTTP sites as non-secure”.

The Fate of Non-HTTPS Sites

It doesn’t take a UX specialist to figure out that a big red warning shouting “Not Secure” at the top of your site might impact your conversions and damage your brand. So, we set aside some time to get it implemented.

And now a bit of tech: we’re using a free SSL from LetsEncrypt (a non-profit backed by some of the internet’s big boys). It’s bang up to date, with strong encryption tech and is set to auto renew. It was relatively straightforward to implement (compared to battling with Plesk to generate encryption keys via 3rd party providers, it was a walk in the park). We would recommend for sites like ours. For eCommerce and data-sensitive sites, however, consider extended validation certificates.

But for non-transactionl/informational sites, it does the job very well.

Moving Forwards

That’s great.  Is there any more exciting news?

Well, yes! In addition to the HTTPS, we’re also now serving the site over HTTP/2.

Wow . . . That sounds remarkably similar to the one you just mentioned.

Yes, it does. But it isn’t. It’s a revision of the HTTP standard that ultimately allows the site to load into browsers a lot faster.  Rather than waiting on a load of different requests from a browser as it figures out what makes up the website, our server now goes “here’s all the stuff I think you need” and pushes a bunch of them at the user’s browser over one connection. Standard HTTP needs multiple connections for multiple requests and responses.

In other words, it speeds up your site.

That’s why our site loaded so quickly when you checked it out this morning.

Ambergreen

You can read more about HTTP/2 over here.

So the Ambergreen site is a little faster and a lot more secure.  If you’d like to know a bit more about what’s involved in either of those processes (it varies depending on the type of site you have), get in touch for a chat. We’d love to help you get your site where it needs to be.

What sector do you work in?