Over the past few months, Google has been making noises about using SSL (HTTPS) as a ranking signal to rank websites higher in the search engines.
Up until now, it’s been quite a lightweight signal affecting fewer than 1 percent of global search queries, and carrying less weight than other signals (such as high-quality content) in order to give website owners time to switch to HTTPS.
But now a further shift is happening. WordPress is at a turning point in 2017 and is now requiring all hosts to have HTTPS available for WordPress websites. This will become critical to website owners to allow for new technology updates and features, and also for better performance.
WordPress Founder, Matt Mullenweg believes that, especially with modern browsers, this should be a free service offered by hosts. Some hosting companies are taking heed and offering it for free, and some offer it at a fee between £25 and £300.
First of all – what on earth is SSL?
SSL, Secure Sockets Layer, is the standard security technology for establishing an encrypted link between a web server and a browser. This link ensures that all data passed between the web server and browsers remain private and integral in order to prevent eavesdropping and tampering.
Historically, SSL is most common with Ecommerce websites, when buying online it’s an added trust element when entering card payment details. Any website that takes card details online must have an SSL.
What’s the difference between HTTP and HTTPS
(warning – technical details below!)
There are lots of criteria that differentiate one from the other, here are the major three…differences between HTTP and HTTPS.
- URL Scheme: HTTPS URLs begin with https:// and use port 443 by default, whereas HTTP URLs begin with http:// and use port 80 by default.
- Security: HTTP is insecure and is subject to eavesdropping attacks, which can let attackers gain access to sensitive information of a website whilst HTTPS is designed to withstand and secure against such attacks.
- Network layers: HTTP operates at the highest layer of the TCP/IP model which is the Application layer. SSL security protocol operates as a lower sub-layer of the same TCP/IP model but it encrypts an HTTP message prior to transmission and decrypts it upon arrival. Thus, HTTPS is not a separate protocol but refers to use of ordinary HTTP over an encrypted SSL connection.
Why is WordPress now recommending SSL?
A culmination of things has lead WordPress to this point….
- Google now taking preference on ranking websites on SSL hosts.
- As WordPress continues to evolve, more new WordPress features will be requiring SSL to enable these features to work.
- Performance Improvements in PHP7 now requiring SSL.
- This is another example of a major web company’s push toward a safer and more encrypted internet. With this change, there’s no doubt the amount of WordPress websites on HTTPS is about to increase.
I think this was something that in the long term was inevitable, and something that has been in the air for a while, is now becoming a reality.
How easy will it be to upgrade my website?
Well, as I mentioned earlier, most SSL certificates are being offered for FREE by web hosts however, this only upgrades the website – NOT the website content itself.
Think about it, your website will move from http://www.mydomain.com to https://www.mydomain.com which means that your content pages will need to be transitioned to avoid 404 errors occurring.
Making the server compliant does not make the content of the website compliant, and Google will show a mismatch in security.
What we, as hosting providers, need to do is to encrypt the content of your website to match the certificate. This is a service we are now offering all of our web hosting customers.
What if I deal with my host directly?
Then you will need to contact them and ask them to provide this service for you. I don’t recommend you do this yourself unless you are fully aware of the process that needs to happen.
What happens if I don’t upgrade my WordPress website to SSL
Right now, nothing. However, over a period of time, a few things will happen.
- Your website will lose rankings in Google
- You may struggle to update your website to WordPress latest versions.
- Some plugins may not continue to work
- Your website will become more vulnerable to hacks.
To round up, I truly believe that now is the time to upgrade your website to HTTPS. I know it’s definitely something we will be doing ourselves very shortly.
If you’d like any further information about his, please don’t hesitate to get in touch. What do you think?