Should You Go HTTPS?


That was easy. But maybe I should elaborate a little…

Stories from the Real World

Two clients in as many months have come to me in a panic. Visitors to their sites were getting all kinds of scary warnings about malware infecting their computers transmitted from their sites. These warnings were actually bogus, meant to scare visitors coming to the sites into downloading something that was nefarious.

What was really going on? A “man-in-the-middle” attack, where malicious traffic was being “injected” into the connection between the visitor and the site, or more probably, between an unencrypted connection between a commonly-used library such as Google Analytics and the visitor. The solution in both cases was fairly simple: force the connections to Google Analytics and other third-party Internet libraries being used on the site to use the secure HTTPS protocol, instead of the insecure HTTP protocol.

I’ve Said It Before…

I written elsewhere in the past about how it’s a good idea for marketers from all corners to go HTTPS-only, and I’m going to beat that drum again here. In both of the above cases, my clients (whose problems affected their legacy sites) could have avoided trouble to begin with by ensuring that their sites were being served over HTTPS. How does that help?

HTTPS does a number of things, but the pertinent one here is that it ensures that the server you’re talking to is verified and not a bad player impersonating a legitimate server. This is why it’s so crucial for banks and other entities where valuable information is being transmitted use HTTPS. But think of your website. Not only could a non-HTTPS server open itself to these kinds of malicious activity, but it can leave your website vulnerable to other hacks.

In my Zen and the Art of Website Maintenance post concerning security a few weeks ago, I mentioned that hackers can monitor traffic that transmits plainly across the Internet, hunting for usernames and passwords. I’m going to reiterate my recommendation here: any system that requires a login, even your WordPress site, should be served over HTTPS in order to encrypt your login information.

Need More Reasons?

If protecting your website and its visitors isn’t motivation enough to go HTTPS, how about performance? HTTPS is a requirement to support the latest, fastest versions of the protocol that makes up the World Wide Web. Without it, your site’s performance will suffer, and so will your conversions.

Search rankings are another reason to go HTTPS, as Google uses sites served over a secure protocol as a factor in its website rankings. It’s only a small percentage of the formula, but why let possible Google juice go to waste?

You’ve Convinced Me, but Now What?

It used to be that going HTTPS was a costly, uber-technical process. While it still requires technical know-how to take advantage of the performance benefits HTTPS can provide, the monetary cost has dropped down to zero. Let’s Encrypt, an initiative by the Internet Security Research Group makes HTTPS free and readily available for everybody, large and small, profit and non-profit. There’s even a WordPress plugin to make the process as painless as possible.

Hopefully I’ve persuaded you that the time to go HTTPS is now, no matter what the nature of your website. Are you ready to make the switch, but need some guidance to get you there? We can help.

Leave a Reply

Your email address will not be published. Required fields are marked *