If you’re anything like me, there’s been a time in your life when you’ve asked, “What the heck is https?”
What’s that extra “s” for? Well, it turns out that the “s” stands for “SSL,” which stands for Secure Sockets Layer -- the technology that encrypts your connection to a website, so that hackers can't intercept any of your data.
The whole concept of https is a pretty interesting topic on its own, and my colleague, Jeffrey Vocell, talks more about it here. But in addition to what it actually means, why is it so important? And why do you need it on your website?
Well, there are many reasons, but with the help of my aforementioned colleague, we identified five of the more important ones. (Spoiler alert: A lot of them have to do with your search performance, so have a good look at what they mean for you.)
5 Reasons Why HTTPS Should Be Enabled on Your Website
1) It’s good for search.
Every minute -- no, second -- Google’s algorithm requires sites to essentially battle it for top search rankings. I love that visual: two websites that could both rank for a user’s query, essentially running toward the finish line of top results. But what happens if there’s a tie? Do the sites battle it out in a “sudden death” round?
Kind of -- there is a tiebreaker involved, and it’s https. The way Google’s Webmaster Trends Analyst Gary Illyes explains it, “If all quality signals are equal for two results, then the one that is on HTTPS would get … or may get … the extra boost that is needed to trump the other result.”
It all goes back to the idea that Google is constantly solving for the user, and makes frequent changes to its algorithm that create a better experience. Which is why our next point makes sense.
2) It’s better for users.
I couldn’t tell you the last time I heard about a hacking incident in which thousands of records were stolen -- because they seem to happen so frequently. In fact, such data breaches jumped 29.5% between 2014 and 2015.
But SSL helps to prevent these “man-in-the-middle” attacks -- “a form of eavesdropping where communication between two users is monitored and modified by an unauthorized party” -- and keeps user information secure.
That makes https especially important if your website accepts credit cards or has a login functionality. With so many of these hacking incidents making headlines, users want to know that your brand is making an effort to protect them from their private information being stolen or compromised.
We could also get into a debate about the ethics of protecting your users from that kind of privacy breach, but you get the point:
- user privacy = important
- https = good for privacy
3) SSL is required for AMP.
A few pieces of vocabulary to break down here:
“AMP” stands for Accelerated Mobile Pages. It’s the technology that makes certain pages load almost instantaneously on mobile. So, when you search for something on your mobile device through Google, you might notice that some results have a lightning bolt icon next to it, that means that it’s AMP-ready.
Look at what happens when I search for Doomtree, my favorite hip hop group, on my phone. On the first page of results, one has the lightning bolt icon next to it. And when I click on that result:
... it loads instantaneously.
AMP is going to play a major role in SEO in the coming months -- Google is making it a priority for 2017, which implies that AMP-ready pages will have better rankings. But in order for something to be labeled as AMP, it requires SSL.
We’ve covered the importance of optimizing for mobile quite a bit, and preparing for the special attention that will be paid to AMP is now part of that optimization. But in order for webmasters to be as web-friendly as possible, all of the requirements behind AMP must be closely examined -- including its https criteria.
4) Google is indexing mobile.
So, that thing we just said about the importance of mobile? It turns out, Google is actually going to start indexing mobile, which means that its “algorithms will eventually primarily use the mobile version of a site’s content to rank pages from that site.”
But in order for a mobile site to be indexable, Google recommends several best practices, one of which is to “start by migrating to a secure site,” especially “if [you] don’t support HTTPS yet.”
And bottom line, says HubSpot SEO Senior Marketing Manager Victor Pan, “HTTPS is preferred over HTTP in the index, with all other things being equal.” So get secure -- you’ll be glad you did.
5) “Not secure.”
To elaborate -- In January 2017, Chrome 56 will start displaying “not secure” in the browser bar for any http (notice it’s missing the “s”) sites that ask users for login or credit card information.
I don’t know about you, but when I’m about to make an online purchase and see that the site isn’t secure -- for example, that the padlock icon in the browser bar is broken -- I navigate my business elsewhere. And I’m not alone. In fact, only 3% of online shoppers say they would enter their credit card information on a site without the green padlock.
Imagine if Google starts doing that work for users before they can even get to checkout. If the number is as low as 3% now, before search engines start doing the legwork to label sites as “not secure” before anyone even visits them, you can see how traffic to those sites will suffer a huge blow -- as well as its digital sales revenue.
Create a Safe Space
There you have it. If you want your SEO to stay strong -- on both desktop and mobile -- and you don’t want to lose digital sales revenue, it’s easy to see why https should be enabled on your website.
These are just a few reasons why https is so important. What are yours? Let us know in the comments.
Originally published Dec 1, 2016 6:00:00 AM, updated May 28 2020