Which Pages Should I Make HTTPS on My Website?
HTTPS, a marker of SSL encryption on a webpage, is getting more attention due to a recent announcement by Google that indicates a greater search engine preference toward HTTPS sites. SSL encryption is extremely important for certain sites on the web, and if you haven’t already considered enabling it on your site, it’s time to assess your situation. If you aren’t sure whether your site needs HTTPS, or which pages of your site actually require SSL encryption, this article will point you in the right direction.
Why HTTPS Is Important
HTTPS is distinct from HTTP because of the way data is transferred between a user’s Internet browser and a website’s host. The “S” indicates the presence of an SSL certificate, which is a purchasable add-on that encrypts information exchanged between the browser and the server. It is extremely important for user privacy on the Internet, because without encryption, third parties on the network can view what data is being transmitted and steal it for their own purposes.
In short, HTTPS and the SSL certificates that accompany it exist in order to protect online users’ privacy by scrambling and masking their data. Sites that handle sensitive information, such as credit card numbers and other personal data, need SSL encryption to make their users feel safe and prevent the risk of a data breach.
A New Impact on SEO
HTTPS may be rising in importance, if you read into Google’s recent announcement that HTTPS is now a ranking signal in their search algorithms. For now, the impact on SEO is relatively minimal—according to the official statement, the change is only going to affect one percent of all search queries. But Google likes to roll things out slowly, and when they make a decision about a new web standard, they tend to stick with that decision.
SSL encryption won’t give you a rank boost right away, at least not a significant one, but Google will likely increase the favoritism it gives to sites with SSL encryption in the coming months and years in an effort to improve user privacy and overall user experience online. Eventually, it’s reasonable to suspect that every site will need SSL encryption to meet Google’s standard, but for now, it’s a secondary priority unless your site already needs SSL encryption.
Which Pages You Need to Upgrade
When you purchase an SSL certificate, it’s going to apply to one whole domain. For example, if you operate a site called superduperwebsite.com, your SSL certificate will protect all pages within that domain, such as superduperwebsite.com/blog, superduperwebsite.com/about-us or your ordinary superduperwebsite.com. As such, you won’t need to worry about picking and choosing which pages within your domain the SSL certificate will cover. However, if you operate with subdomains, you’ll either need multiple SSL certificates or one wildcard certificate that can cover multiple subdomains.
Now, let’s take a look at which types of pages actually require SSL encryption. For now, let’s ignore the new SEO benefits of SSL encryption and focus solely on which web pages require encryption strictly for user protection. If any one page of your site requires SSL encryption for user protection, you should purchase a certificate for the entire domain.
Pages That Collect Personal Information
Any page or popup on your website that collects personal information of any kind requires SSL encryption to protect your users. For example, if part of your website requires a user to input their name, address, and credit card information, you’ll want to encrypt that communication. Almost any type of e-commerce platform will require HTTPS encryption throughout the site for the safety of your users, but the requirement also extends to pages that collect private information for other purposes. If you store this data for future use, it’s imperative that you protect that information on your servers in addition to having HTTPS protection—but that’s a different article.
Pages That Require a Login
If any pages within your site require a login from your users, it’s a good idea to get SSL encryption. Even if you run an online forum that doesn’t require the collection of any personal information other than a username and a password to log in, SSL encryption will protect that information from being intercepted. If a user goes against standard practices and uses the same username and password across the web, they could be vulnerable to identity theft from something as innocuous as an unprotected forum login page.
Pages That Lead to a Third Party Payment Process
If your e-commerce platform doesn’t take any personal information from your users, but instead directs them to a third party payment checkout, such as with PayPal, you don’t necessarily need an SSL certificate, since users’ personal and payment information will be protected by the third party to which you are connecting. However, if you do accept any information before or after making that third party connection, you’ll need an HTTPS upgrade.
Pages Under a Subdomain
As I mentioned above, if you have multiple subdomains within your website, you’ll either need separate SSL certificates or one “wildcard” SSL certificate to serve as a master between your subdomains. If, for instance, you have an e-commerce platform, such as store.superduperwebsite.com that collects personal information and a blog extension at the original superduperwebsite.com that does not collect any such information, it is possible to get an SSL certificate that only covers the e-commerce subdomain. However, for a consistent user experience, you might as well get a certificate that will cover all your subdomains.
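To see which hostnames each certificate type actually covers, here is an added example (not from the original article) that applies simplified browser-style name matching to the domain and subdomain cases described above. The certificate name lists and the pay.store hostname are constructed for illustration.

```python
# Added example: certificate contents and hostnames below are constructed.

def name_matches(cert_name: str, host: str) -> bool:
    """Simplified browser-style check of one certificate name against a hostname."""
    pattern = cert_name.lower().rstrip(".").split(".")
    labels = host.lower().rstrip(".").split(".")
    if len(pattern) != len(labels):
        return False  # "*" stands in for exactly one label, never zero or two
    if pattern[0] == "*":
        # Require at least "*.name.tld" and compare everything right of the "*".
        return len(pattern) >= 3 and labels[0] != "" and pattern[1:] == labels[1:]
    return pattern == labels


def coverage(cert_names, hosts):
    """Map each hostname to True if any name on the certificate covers it."""
    return {h: any(name_matches(n, h) for n in cert_names) for h in hosts}


HOSTS = [
    "superduperwebsite.com",            # bare domain (blog)
    "www.superduperwebsite.com",
    "store.superduperwebsite.com",      # e-commerce subdomain
    "pay.store.superduperwebsite.com",  # nested subdomain (constructed)
]

# Names a certificate of each type might list (constructed samples).
SINGLE_DOMAIN = ["superduperwebsite.com", "www.superduperwebsite.com"]
WILDCARD = ["*.superduperwebsite.com"]
WILDCARD_AND_APEX = ["*.superduperwebsite.com", "superduperwebsite.com"]

if __name__ == "__main__":
    for label, names in (("single-domain", SINGLE_DOMAIN),
                         ("wildcard only", WILDCARD),
                         ("wildcard + bare domain", WILDCARD_AND_APEX)):
        print(label)
        for host, ok in coverage(names, HOSTS).items():
            print(f"  {'covered    ' if ok else 'NOT covered'}  {host}")
```

A wildcard name on its own leaves the bare domain and any nested subdomain uncovered, so check the full list of names on the certificate before relying on it for every hostname you serve.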
How to Upgrade Your Website
If you’re ready to upgrade to HTTPS, the easiest way to purchase an SSL certificate is through your domain registrar (such as GoDaddy.com). In many cases, your hosting provider will be able to offer a “shared” SSL certificate that covers multiple domains under one umbrella at a reduced rate. A shared certificate does not come with any less protection, but you will want to thoroughly test your connection to make sure you aren’t getting any errors before you depend on that protection.
If you’re interested in buying an SSL certificate directly, the process is relatively simple. For the best results:
- Select the proper format for your certificate, appropriate for your domains (single-domain, multi-domain, or wildcard)
- Use a 2048-bit key certificate (which Google recommends)
- Use relative URLs for all pages within one domain, and protocol-relative URLs for other domains
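The URL advice in the last item can be checked mechanically. The following added example (not from the original article) scans a page's HTML for subresources and form targets hard-coded to http:// and proposes the relative or protocol-relative form; the sample markup and the cdn.example.net and other.example.org hosts are constructed.

```python
from html.parser import HTMLParser
from urllib.parse import urlsplit

# Tag -> attribute that loads a resource or receives submitted data.
URL_ATTRS = {"script": "src", "img": "src", "iframe": "src",
             "link": "href", "form": "action"}


class InsecureRefFinder(HTMLParser):
    """Collects (tag, url, suggested_url) for every hard-coded http:// reference."""

    def __init__(self, page_host):
        super().__init__()
        self.page_host = page_host.lower()
        self.findings = []

    def handle_starttag(self, tag, attrs):
        attr = URL_ATTRS.get(tag)
        url = dict(attrs).get(attr) if attr else None
        if not url:
            return
        parts = urlsplit(url)
        if parts.scheme.lower() != "http":
            return  # relative, protocol-relative and https:// URLs are fine
        rest = (parts.path or "/") + ("?" + parts.query if parts.query else "")
        if (parts.hostname or "") == self.page_host:
            fix = rest                        # same domain: relative URL
        else:
            fix = "//" + parts.netloc + rest  # other domain: protocol-relative
        self.findings.append((tag, url, fix))


def find_insecure_refs(html, page_host):
    finder = InsecureRefFinder(page_host)
    finder.feed(html)
    return finder.findings


# Constructed sample page for superduperwebsite.com.
SAMPLE_PAGE = """
<link rel="stylesheet" href="http://superduperwebsite.com/css/site.css">
<script src="http://cdn.example.net/lib.js"></script>
<img src="/img/logo.png">
<script src="//cdn.example.net/ok.js"></script>
<form action="http://superduperwebsite.com/login" method="post"></form>
<a href="http://other.example.org/">plain link, not a subresource</a>
"""

if __name__ == "__main__":
    for tag, url, fix in find_insecure_refs(SAMPLE_PAGE, "superduperwebsite.com"):
        print(f"<{tag}> {url}  ->  {fix}")
```

The form entry matters most for the login and data-collection pages discussed earlier: a form that posts to an http:// address sends the submitted values unencrypted even when the page itself was loaded over HTTPS.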
Before you get too excited and purchase an SSL certificate for your entire website, take a step back and evaluate your priorities. Are you purchasing an SSL certificate because your site captures some kind of personal information? Good. Are you purchasing an SSL certificate because you think it’s going to give you a huge SEO boost? You might want to reevaluate your decision. If you’re going to invest money in your SEO campaign, you’re going to see far better results with well-written content and organic backlinking than you would by upgrading your website to feature SSL encryption.
In time, Google’s standard will grow stricter, and you may find upgrading to HTTPS to be a worthwhile investment even if your users never provide any information on your site. For now, the question of SSL comes down to how badly your users need protection and how proactive you want to be.