Questions: What's the difference between HTTP and HTTPS? Do I need to worry about it? How do I secure my site with an SSL certificate if I want to use HTTPS? Is there a free one I can use?
These are all the questions I've been asked a lot lately. Let's delve into them and get your questions answered.
HTTP vs HTTPS
When you're browsing the internet, you will have noticed that some sites start with "http://" and some with "https://". Those with https have a green padlock on the browser address bar. If you're using Chrome (which is owned by Google), you'll also see the word "Secure" next to the padlock. Here's an example, using my own website:
What is an SSL certificate?
SSL stands for Secure Sockets Layer. It's an industry standard security technology for establishing an encrypted link between a web server and a visitor's web browser. This ensures data passed between the web server and browsers remains private and secure. In order to create an SSL connection, a web server requires an SSL certificate. A website that has an SSL certificate installed will display as HTTPS instead of plain old HTTP.
Why should I care?
Version 56 of the Google Chrome browser was released at the end of January 2017 and there has been a significant change in the way it displays websites that are not using HTTPS. Any non-HTTPS pages on your website that requires visitors to enter their credit card details or passwords will be marked as "Not secure" in red with an exclamation mark.
So, if you require your visitors to sign in to your website or pay by credit cards, they may get confused and interpret this as your website having been compromised, or as having underlying security issues, rather than it not using HTTPS. You definitely don't want this!
Ultimately Google wants your site to be secure and using HTTPS. Long term, Google has announced that Chrome will show a "Not Secure" warning for all pages not using HTTPS, regardless of whether or not the page asks for sensitive information.
And Matt Mullenweg, the founder of WordPress, has announced that some of the new WordPress features released in 2017 will be available only for sites using HTTPS.
So, going forward, it looks like the web is moving in the direction of making HTTPS the preferred, if not compulsory, protocol.
What this means is that if your site is not using HTTPS yet, you should definitely think about doing so sooner rather than later. And while Chrome is the only browser that marks sites as non-secure at the moment, it's expected that all other browsers will follow suit in the not too distant future.
What to do if you want to use HTTPS
The first thing to do is to speak to your web hosting company. Some web hosting companies offer free SSL certificates while others may charge a fee. In an ideal world, your web host should assist you in getting SSL relatively painlessly and for free. But if you're one of the unlucky people who are not getting much help with your existing host, or if you're not happy with the price they're asking for, then check out SiteGround. SSL now comes standard with all new SiteGround web hosting accounts. If you've already got an existing account with them, they offer a super easy one-click switch to turn on SSL.
If you're reluctant to change web host because of the potential hassle of moving your site, don't be! When you move to SiteGround, their expert team will migrate your website for you absolutely free of charge, preventing any potential downtime. They also offer a 30-day money back guarantee, although I've never known anyone who has a reason to claim it. (You can check out this post here and read more about why I love SiteGround.)
Other Web Hosting Companies
Below I've listed a few other web hosting companies I know of (at the time of writing) that offer free SSL certificates with their shared web hosting plans. So if you're already hosting with one of them, you should get in touch with them to help you set up HTTPS.
So now you understand the difference between HTTP and HTTPS and why you should get yourself an SSL certificate. Comment below or send me a message if you have questions.