Why you need to migrate your web site from HTTP to HTTPS immediately (and how to do it).Since 2014, Google has been ranking HTTPS powered websites more favourably. But that wasn't enough for most website owners to switch their sites to the secure web, and the vast majority of websites still run over the insecure HTTP protocol.
But that should be set to change. From January 31st 2017, Google Chrome will start marking sites that collect sensitive information as 'non-secure'. Put it another way, if your site has a login or collects credit card information, from the end of January Google Chrome address bar will change as follows:
That's one way to not invite your users to sign up with your company. But this is only part one of Google's attempt to rid the web of plain old http://. The final stage of their roll will see any web site not using https:// marked as follows:
Wait... what is HTTPS?HTTP stands for Hyper Text Transfer Protocol, and is what the underlying protocol that delivers web sites from servers to browsers and makes the web possible. With HTTP, everything is transferred in 'plain text' which means that it could easily be intercepted by a hacker. HTTPS is the secure version of this protocol, which also encrypts the transmitted data.
What should I do?To migrate your site to HTTPS, you'll need to install an SSL Certificate. If your web site is hosted on a Kualo web hosting plan, you'll also be able to install a free Let's Encrypt SSL Certificate free of charge from your control panel. You may also wish to opt for a higher validity SSL certificate which include a monetary warranty, trust logo or which display your company name in the address bar to provide even further levels of trust and assurance to your visitors.
Once that's installed, you will also need to make your web site know to use https://. This typically involves:-
- Making sure that your application URL is configured to use https:// and not http://. This is typically a setting in the admin area.
- Make sure all content on the site, such as images, fonts, blog posts, are included over a secure https:// connection as well. If any content on a page loads over http://, even though the SSL certificate is installed, the site will still show as insecure.
- Ensure any links in your pages or blog posts also link to https://. This means that when your visitors click a link on an existing page, they are directed to the https:// version of the site.
Here's a great guide on moving WordPress to https://.
If you're a Kualo web hosting customer and are finding the process difficult, just reach out to our support team and we'll help you get this in place for your web site!