It’s Saturday, March 17, 2018 in Austin, Texas
Benefits to Serving Websites Over HTTPS
There are a multitude of benefits in serving your website over the secure HTTPS protocol, instead of over the unsecure HTTP protocol.
1) First and foremost, it's ultimately far safer and helps protect the privacy of your visitors.
Anything served over HTTPS is encrypted, and thus not subject to interception or manipulation by others.
Anything served over HTTP could potentially be intercepted by others on the network, or networks the data packets are traveling through. This is especially true if you access data over a public WiFi network that doesn't require a login (which is never recommended but still pretty common).
Thus HTTPS connections generally have always been used when checking out and paying with credit cards.
By serving your entire website over HTTPS, you will ensure all data including URLs visited and forms submitted are encrypted.
2) The SSL certificate for HTTPS, must be issued to the party that actually controls the domain, and thus it verifies that users are reaching the website they intended rather than a spoofed clone site.
3) Google has made it clear that they prefer websites that use HTTPS, and thus have given preference to those websites in their search results.
Thus your website may rank higher in the results, and thus benefit from increased traffic and potential customers/sales.
4) Referrer data is preserved, and thus when viewing website analytics, you will see where users are coming from - this would otherwise be stripped out if referrer was from HTTPS to HTTP.
5) Browser alerts signifying a secure connection appear in the browser URL bars - rather than warnings that might frighten customers.
All these advantages far outweigh any potential disadvantages, but there are some important things you should be aware of:
1) Secure certificates cost money, a lot less than they used to, but still there is fee of around $50 per year. Different certificate providers may charge much more or less than that.
2) Most hosting providers will charge you a monthly fee for a dedicated IP address too.
You might be best off with a hosting plan that already includes the dedicated IP address and SSL Certificate in the monthly hosting plan - like Hostgator's Business hosting plan.
3) There is a process of getting the SSL certificate issued and installed that varies based on hosting company. Some hosting companies will charge you an installation fee of around $100.
Usually the process is relatively easy and merely requires domain validation through an company controlled email address, but more expensive options require extended validation of business documents, etc.
4) SSL certificates expire, and are only valid for the period you purchase them for. Many hosting companies only provide a SSL certificate for 1 year period, and thus you must remember to renew annually.
If you forget to renew, users will get scary browser alerts indicating that your website is not safe and blocking them from proceeding to your website.
5) When you serve your website over HTTPS, then all elements on the page including images and scripts must also be served over HTTPS - otherwise mixed security browser warnings maybe shown, non-secure elements maybe hidden, or the page may not load correctly at all.
This can be an issue with some 3rd party scripts or images served from 3rd party websites. However, this is becoming rarer as HTTPS is widely used.
6) SSL certificates are generally only valid for the particular domain that you buy the SSL for, unless you buy a more expensive Wildcard certificate.
This is really only an issue if you own a lot of different domains, or have lots of subdomains.
7) You should always enforce HTTPS via 301 redirects, otherwise users might go to the unsecure HTTP version.
As web developers we believe that using HTTPS is quite valuable, and we can help you navigate any of the above complexities with implementing SSL on your website. Call us at 512-469-7454 to discuss your project today!