What is HTTPS?
When you visit a website, there are 2 basic options – HTTP and HTTPS. HTTP is the original and has been used on the internet for a long time. HTTPS is the encrypted version of HTTP. When you visit a website you can tell the difference by looking for the green padlock symbol.
HTTP:
HTTPS:
You’ll be used to seeing HTTPS for online banking, only shopping and so on. Now, however, it’s becoming increasingly recommended to be used by every website.
It used to be quite expensive and complex to set up, it required changing your code and purchasing a secure certificate. These often cost £150+. For the last year or so, we’ve been providing and installing secure certificates on every hosting account. HTTPS with NetWeaver is both free and automatic.
Why should I enable HTTPS?
Two significant reasons have developed this week.
Firstly, you may have heard in the news about Krack. This is an exploit that allows attackers to bypass the security used on most WiFi networks. If you’re using HTTPS to access a website this doesn’t pose a risk.
Secondly, the worlds most common web browser – Google Chrome – is changing the way they display the security of websites. With the release, this month of version 62, any website which collects any information, even a simple contact form, will start to advise visitors that the site is ‘not secure’.
The Chrome developers have also stated that they intend to display the ‘Not secure’ warning on all non-HTTPS pages in future versions.
On a more general level, using an HTTPS site makes site visitors feel more secure with your company. Banks and other big companies have been actively trying to encourage customers to look out for the padlock symbol in their browsers.
In the past, if you were to enable HTTPS it would slow your site down. Now, however, with http2 (which we’ll cover in a later article) it’s usually faster than standard HTTP.
How do I enable HTTPS?
The good news is, we’ve already enabled HTTPS for you – you just need to start using it.
Firstly, you can try it out in your browser. Say your site was www.netweaver.uk – instead type https://www.netweaver.uk/ into your address bar. For many websites, this will now load the secure version. If you’re using software such as WordPress, you need to tell it to start using the HTTPS version. This can be found in the settings menu.
For WordPress:
- Login to wp-admin
- Click ‘Settings’
- Go to ‘General’
- Change both the ‘WordPress address (URL)’ and ‘Site address (URL)’ from http to https
- Save Settings
If you’re using any Cache plugins you may need to purge the cache at this point.
Redirect all visitors to https
You can redirect all your site visitors to the HTTPS version of your website from within your control panel, which you can visit via My NetWeaver.
We have a handy guide here.
Now, when visiting your website you should be automatically redirected to the secure version. All the advantages mentioned will now be in place – it may even enhance your search rankings.