Why and how to switch from http to https

I’ve suggested on a number of occasions in the past that you consider upgrading your website to the secure ‘https’ protocol, rather than the traditional ‘http’ one which most of us use. This is also known as ‘SSL enabled’. I’m upgrading that to a strong recommendation, especially if you have pages on your website which ask for passwords or credit card information. Here’s why.

At the end of this month (January 2017), the next version of the internet’s most popular browser, Chrome, is going to put a message up saying ‘Not Secure’ if it comes across an ‘http’ web page asking for passwords or credit card information. In subsequent steps in the months or years to follow, the same message will apparently show for all ‘http’ web pages, regardless of content.

Now, all this message is doing is telling the truth. And does it really matter that the page is ‘not secure’? Probably not – I assume it’s been working well for you until now, after all, and nothing has changed. But it’s all in the perception. If a customer at your site sees that message, they might (incorrectly) think that something is amiss. And you could miss out on business.

The ‘https’ protocol is invisible to the user. When used, the customer’s computer and your system create a code between them and scramble the messages using that code so that nobody in-between can read them. This keeps the information safe.

This security scan is worth running on your site. If you’re not running ‘https’, the first result will be a ‘Fail’ in the ‘SSL enabled’ test.

Even if you haven’t got any password or credit card pages on your website, I would strongly recommend getting your site changed over to ‘https’ in the next few months. If you do have password or credit card pages, I would get the site changed urgently.

Now, there is a lot of technical stuff involved in switching over your website to ‘https’. It’s not something you’re going to want to do yourself unless you’re very technical and confident. If you have a maintenance arrangement with whoever did your website in the first place, it’s going to pay for itself here. There are some good guides online, but this one is as comprehensive as any.