Did you already change your website to HTTPS? Not yet? Then you are definitely advised to do it as soon as possible. Why? First of all, HTTPS is a ranking factor confirmed by Google. Secondly and maybe even more importantly, since some time, various Internet browsers declare websites which are not accessible via HTTPS as unsafe.
Why should you convert your website to HTTPS?
If you use the Google Chrome browser, you might have noticed it. Websites that are fully accessible under HTTPS are marked as safe in the browser line.
Websites that are not yet accessible under HTTPS, or where HTTPS is not implemented correctly, lacks this rating. Here, a small i appears instead. If you click on this, the browser will tell you that the website is not secure.
The same is true in the Firefox browser:
If there is a login area on the page, the Chrome browser even indicates that the page is not secure.
Firefox displays a crossed-out castle:
From a user point, it makes sense to convert sites to HTTPS. Nobody wants sensitive data to be intercepted by third parties. If a user sees that a website is classified as unsafe by the browser, he or she will reconsider whether he makes a purchase, files his data in a contact form or signs-up for a newsletter. A classification as safe can, however, strengthen him in his intention to make a contact or purchase.
Also in terms of visibility in search engines the use of HTTPS is recommended. Google is working to make the Internet safer. HTTPS has been established as a ranking factor since August 2014. Since the end of 2015, the search engine automatically attempts to access sites under HTTPS. If a site is accessible under HTTP and HTTPS, the HTTPS version is usually indexed.
A study by the SEO tool provider Searchmetrics confirms a link between the use of HTTPS and the visibility in search engines of a website. According to the study, websites with HTTPS tend to have better rankings. So why not take advantage of this?
Background: With SSL/TLS, HTTP becomes HTTPS
HTTP (Hypertext Transfer Protocol) is used to transfer data on the Internet. When a web page is called in the browser, the browser sends a request (HTTP request) to a server. This request is processed by the server and the corresponding files are returned to the browser (HTTP response) to display the web page.
SSL stands for Secure Sockets Layer and describes an encrypted data transfer between client and server.
If a browsers and a web server have successfully authenticated using SSL and a secure connection has been established, the data can be transferred encrypted using HTTPS.
Normal HTTP traffic on the other hand is unencrypted. A connection via HTTPS guarantees the visitors of a website that their submitted data can not be read or intercepted by third parties.
SSL Certificates: What do you need?
The prerequisite for an upgrade to HTTPS is the use of an SSL certificate. You will receive this from a certification body. It checks whether your site address is actually part of your company. Certificates are available in different versions and different price classes. In any case, make sure that a 2.048-bit key is used to encrypt the data.
In order for Google to classify your website as safe, you can use a very simple certificate. These are even free at Let's encrypt. They are suitable for simple blogs and websites where you can not store user data or there are no login areas.
For sites with a login area or forms where sensitive user data are transmitted, more complex SSL certificates are useful, but they also cost more. These are even safer as they query for more details and also check whether a company really exists (for example, through a check in the commercial register). Then the status line in the browser is adapted accordingly. This increases the user's trust in the website.
Simple certificates are only valid for one domain (for example www.examplepage.com.au). There are, however, Wildcard SSL certificates (also placeholder certificates), which apply not only to the domain (both domain.com and www.domain.com), but also to all subdomains (* .domain.com). And even Multidomain SSL certificates, which can be used for multiple domains. Again, there are certificates, which verify more details of the company and subsequently are more expensive.
For example, if you have content in different languages available on your own domains (www.example.com.au) or sub-domains (en.example.com.au), you will need a corresponding certificate.
By the way, you can also use different certificates for different areas of your website. For example, if you have an online shop with an associated blog on a sub-domain (blog.exampleshop.com.au), you can use a different, cheaper certificate for the blog and you don't need to buy a more expensive Wildcard certificate.