Benefits of using HTTPS across your website

HTTPS gives your website added security and privacy. As more websites move to HTTPS over time, more of your visitors will expect your site to use it too.

What is HTTPS?

While you’re probably familiar with the HTTP part of a URL, you may not be as familiar with HTTPS. The added ‘s’ stands for secure. It means the website uses a protocol called Transport Layer Security (TLS) to encrypt information going between the site and the user’s computer, so if an attacker intercepts this information, they can’t read or change it.

You may also hear people refer to SSL, which is the older, outdated predecessor of TLS.

What HTTPS looks like in a browser

You can tell when a website’s information is encrypted by looking at the address bar at the top of your browser. Depending on which browser you use, there may be a green padlock on the left or right of the address bar, and often the word ‘secure’ next to it. It’s important to note that this means that your connection with the website is secure, rather than the website itself.

The benefits of using HTTPS

There are several benefits to adding HTTPS to your website, and it doesn’t cost much to implement.

Trust in your website

The public recognize that a website with a green padlock is more trustworthy than one without. It shows your website’s visitors — and potential customers — that you take their privacy seriously. According to Google’s security blog, 81 of the top 100 websites globally use HTTPS by default.

However, some scammers take advantage of this by adding HTTPS to their website, to make it seem more legitimate. Remember that the green padlock shows that information is sent securely between the site and your computer. It doesn’t mean that the website is safe.

Google security blog: A secure web is here to stay

Limited browser warnings

If your website doesn’t have HTTPS, your visitors may get a warning message telling them that your site is not secure.

For example, when you visit a website or web page that doesn’t use HTTPS on Chrome, it warns you that the connection isn’t secure. A ‘not secure’ message displays in the address bar next to the URL. Chrome started showing this message in October 2017, and Google’s security blog reported that visits to these pages dropped by 23% over the next six months.

Google security blog: Next steps toward more connection security

Improved security

Information on a webpage goes through several points between a browser and a web server. An attacker could intercept the information at any of the points along this path. By encrypting the information using TLS, you can stop them:

  • stealing your customer’s data, or
  • putting their own data onto your website.

If your site uses HTTP instead of HTTPS, an attacker could insert ads or malware into any of your webpages without your knowledge, and your customers could unintentionally download this malware to their computers. Intercepting and altering information in this way is known as a ‘man-in-the-middle’ attack.

Man-in-the-middle-attack

Google’s Why HTTPS

Better search ranking

Search engines include the use of HTTPS as a factor when they’re ranking your website in search results. This means that using HTTPS gives your website a boost in search results over similar sites that don’t.

As more sites implement HTTPS over time, it’ll become obvious if your website doesn’t have it — and it’ll be harder for your customers to find.

Implementing HTTPS

To make your website use TLS you’ll need a digital certificate, called a TLS certificate. It’s sometimes called an SSL certificate too.

If you have technical support staff, talk with them about moving to HTTPS. If you manage your own website, ask your hosting company if they provide SSL/TLS certificates. If they do, they can probably help you implement it as well.

They’ll need to:

  1. get and implement an SSL/TLS certificate for you
  2. add a permanent redirect to your site (from HTTP to HTTPS)
  3. update any links to third party scripts to include HTTPS.

You’ll need to:

  1. update any links inside the content to include HTTPS. This includes links to images, downloads, and tools
  2. set a reminder for a month before the certificate expires. This will make sure you renew it in plenty of time, and avoid letting it run out.
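
The checks that follow from the steps above, as an added example (not part of the original page): confirm the redirect is permanent, find content that still points to http://, and flag a certificate within a month of expiry. The function names, the sample page and the certificate date are constructed for illustration.

```python
import ssl
from datetime import datetime, timezone
from html.parser import HTMLParser

PERMANENT = {301, 308}  # status codes for a permanent redirect

def is_permanent_https_redirect(status, location):
    """True if an HTTP response permanently redirects to an https:// URL."""
    return status in PERMANENT and (location or "").lower().startswith("https://")

class _InsecureRefs(HTMLParser):
    """Collects src/href values that still point to plain http://."""
    def __init__(self):
        super().__init__()
        self.found = []

    def handle_starttag(self, tag, attrs):
        for name, value in attrs:
            if name in ("src", "href") and value and value.lower().startswith("http://"):
                self.found.append((tag, value))

def insecure_references(html):
    """Return (tag, url) pairs for scripts, images and links left on http://."""
    parser = _InsecureRefs()
    parser.feed(html)
    return parser.found

def days_until_expiry(not_after, now):
    """not_after is in the certificate date format used by ssl.getpeercert()."""
    expires = datetime.fromtimestamp(ssl.cert_time_to_seconds(not_after), timezone.utc)
    return (expires - now).days

def needs_renewal(not_after, now, warn_days=30):
    """True once the certificate is within warn_days of expiring."""
    return days_until_expiry(not_after, now) <= warn_days

# Constructed sample data (not taken from a real site).
SAMPLE_PAGE = """
<script src="http://cdn.example.com/widget.js"></script>
<img src="https://www.example.com/logo.png">
<a href="http://www.example.com/brochure.pdf">Download</a>
"""
SAMPLE_NOT_AFTER = "Jun 30 12:00:00 2025 GMT"

if __name__ == "__main__":
    now = datetime(2025, 6, 10, 12, 0, 0, tzinfo=timezone.utc)
    print(is_permanent_https_redirect(302, "https://www.example.com/"))
    print(insecure_references(SAMPLE_PAGE))
    print(days_until_expiry(SAMPLE_NOT_AFTER, now), needs_renewal(SAMPLE_NOT_AFTER, now))
```

A 302 response fails the first check because it is a temporary redirect, so browsers and search engines keep treating the HTTP address as the main one.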

Protect your website

Visit CERT NZ for more information. 
Visit ACSC for more information.