Probably, if you haven’t migrated already to an https url, you’d have received an email from Google or your host company to migrate to HTTPs.
An integral part of Google’s mission to make the web a safer and better place, migrating to https is like awaking to the reality of a big city and locking doors to keep safe instead of sleeping peacefully in a crime free town.
In https, the s itself signifies the purpose as it stands for secure, meaning that the site has been installed with a ‘secure sockets layer’ (SSL). It prevents unauthorized parties from listening or observing the conversations going back and forth between the website and the user by encrypting them entirely. It ensures the communications reach the intended end user by providing authentication and hence prevents corruption of data.
Initially, it was believed that encryption was needed only when your webpage asked for sensitive information like credit card or financial details or social security numbers from users, but now, it is slowly becoming a need for all pages and sites.
It is often possible that through a legitimate-looking email, you clicked into a page that looks credible but is fraudulent. A non-secure conversation can be hacked into by cyber criminals who may provide a modified version of the website to the visitors and lure them into fake transaction which you didn’t create.
While high traffic websites with more traffic are at a greater risk, criminals may hijack smaller sites too for extracting sensitive information since it is often easier, specially is the site is not secured. Hence, Google is pushing you to migrate to https.
Without SSL, your site will still function, but leaving it unsecured may bring a bigger issue later:
It is not a very recent development as Google has been down-ranking unencrypted websites since 2014, though very slightly. Over 50% of pages viewed by desktop users are encrypted according to the data in the Google Transparency Report. Hence, it is clear that the search rank penalty by Google for weakly encrypted or unencrypted website has a significant role to play with deterring traffic from reaching your website.
Since October 2017 the penalties have become aggressive and hence it is best to migrate if you have not already. You too might have encountered warnings like ‘your connection is not private, or ‘hackers might be trying to steal your information’ pushing you to click the back to safety option when trying to open unsecured websites. You do not want users to encounter the same for your website.
To migrate to HTTPs, you will first need to obtain a SSL certificate.
Except if you credit card or financial transactions involved, a basic level certificate will cover your needs. Almost all hosting companies offer SSL certificates and hence you can enquire with them for the simplest solution. While there are also SSL certificate options available at no cost, hosting companies may not make it possible for you to use them. Dreamhost is one company which lets you use Let’s Encrypt, a free and one click operation for securing your website. With other hosts, you may have to check for what they have on offer.
With your SSL certificate purchased and installed, you will next have to reconfigure your website to use the renewed address.
Changes that need to be considered attentively are:
Once you’ve handled this, you should monitor the website for any breakdowns for some time. There may be images or multimedia with HTTP in their path, making the page they appear on display as insecure. Search ‘site.[yourDomain].com’ on Google and check if the pages Google is indexing on your site are found as https URLs. When using the Search Console to fetch to Google, your most important pages as considered by Google will be re-indexed instantly while others may take time to be re-indexed completely.
If you are tech savvy and have designed and developed your website yourself, you’d find it simple to migrate yourself, or you can hire a developer to do the required for you. A secure platform is definitely a plus not just for better customer loyalty and trustworthiness, but also to up your own traffic with the increased rankings.