You might have heard that Google’s browser, Chrome, has started to warn net-surfers when they have entered any HTTP site. The need for HTTPS sites is greater than ever. But you might not know what that means, or how that affects you, and that’s what we are here to help you with today!
Let’s back up a second and talk about the difference between HTTP sites and HTTPS sites. When you enter a website’s url address into your browser of choice, you typically just start with “www”, and then fill in the name of the website (like your favourite Cat Bowties Boutique), throw in a splash of .com or .ca (shop local!), and hit enter. What you may not have noticed is that, once you hit enter, the url autofills with either http:// or https:// before the www.
So what’s the difference between HTTP and HTTPS?
HTTP stands for Hypertext Transfer Protocol, which is the most meaningless word salad us regular folks have seen since we last read a transcript of one of Donald Trump’s speeches. But it does actually mean something. Data needs to travel between your web browser and the website you are trying to visit (in our example, http://www.catbowtieboutique.com). With HTTP, the data is being sent in regular text. This means it can be intercepted and easily read. Not a big deal when you are simply browsing cat bowties, but significantly more important when you enter your credit card information to buy that lovely paisley tie that matches your cat’s eyes.
This is where HTTPS comes in. The “S” in “HTTPS” stands for Secure. That S makes sure that your data travels safely to its destination – it essentially acts like a burly bodyguard, guiding your information through the mean streets of the internet, protecting it from harm. The data is encrypted – it is no longer in plain text, but in a hard to understand code.
But the benefits don’t end at simple security. HTTPS connections are actually faster. And for websites, this is really important –even a 1 second delay in how fast your website loads can reduce your client conversion by 7%.
Don’t have an HTTP site? It will now be flagged by Chrome
If you visit HTTP sites (or, maybe more importantly, if people visit your HTTP site), Chrome will now warn you and your potential customers that the site isn’t secure. This doesn’t necessarily mean the site is dangerous, just that there is a stronger potential for danger, and that you should be careful with sensitive information.
You can check out your site right now – on Chrome – and see if it has a secure padlock before the url box. If not, it might say “Not Secure” like the picture. If you have an out-of-date version of Chrome, it might simply have the “information” icon, with a drop-down warning that the site is not secure. Essentially, anything but a padlock means you need to take some steps to ensure your site is secure. Easier still, type https:// before your web address. If you don’t have the right “certificates”, you won’t be able to access the site on Chrome.
How do you get an HTTPS address?
Luckily, the process is relatively simple, though it sounds rather intimidating. It may require you to do annoying things, like find out who is hosting your website, but if you can put on your adult pantaloons and briefly join me at the adult table, we can walk you through it (if you are simply done with adulting, then we can help set this up for you!)
1. Dedicated IP
First, you need to make sure you have a dedicated IP address. Many hosting plans have you sharing your IP address with other websites. There will be a charge for upgrading to a dedicated address, but it is the first necessary step to make your website more secure (and less likely to scare off potential clients or customers).
2. SSL certificate
Next, you need to buy, activate and install an SSL certificate. This is essentially a really long password that verifies your website. You can check with your hosting provider or google “buy SSL certificate” to find a vendor. Then your web host may be able to activate and install this for you. If not, you can do it through your control panel, in the SSL/TLS admin area. Chose the “Generate an SSL certificate and Signing Request” option and fill out the fields on the screen. When you get to the field “Host to make cert for”, that is where you enter your domain name (in our example, catbowtieboutique.com). You will be brought to a screen with 2 blocks of indecipherable text. The first block of text will be what you need to give the company that issued your SSL certificate. You will need to login to their site and fill out some more forms. You also need to have them send the final certificate to an email address that proves you own the domain (i.e. [email protected]), so make sure you have such an email address. They will send your .crt file only to an email that confirms you have access to that domain.
Once you have the certificate, go back to your web host control panel and find “Install an SSL Certificate”. There, you just need to upload or paste the certificate.
3. Update links
Finally, make sure you update any links on your site that send visitors to other pages within your site. The links will need the new https:// address. This is especially critical for any links that take them to pages that ask for sensitive information. There is also code you can insert to make sure visitors only access certain pages, like checkout, securely. For that, it is best to have a professional help you.
I know – this all sounds exhausting. And if it sounds like too much, have us or your web host help you with it. Don’t just ignore this. Making your site secure for visitors is not only great for the obvious (security) reasons, but now, it is important so that you don’t scare off potential customers with a big “Not Secure” exclamation mark tattoo.