Founder, Matt Mullenweg, recently announced that WordPress will require all hosts to have HTTPS in place before the end of 2017 without which certain WordPress features will cease to function.
If you already have HTTPS, this should not affect you. But if you’re still using HTTP, you’ll need to upgrade soon.
What is HTTPS?
HTTPS adds a security layer to HTTP (Hypertext Transfer Protocol). HTTPS essentially encrypts data (using SSL or TSL) that is communicated between servers and clients until it reaches the intended recipient.
This prevents cybercriminals from accessing sensitive user information and also reduces the risk of tapping and modification of sensitive data. HTTPS is not completely fool-proof, but undoubtedly it has major security advantages.
HTTPS sites can be readily identified, as they show a locked padlock icon on the link bar in most common browsers.
Why is WordPress Pushing HTTPS?
There are two main reasons for this:
Google Prefers It
It is no secret that greater encryption and cyber security has made the Internet a safer place for users. As usual, a Google update signalled the necessity of HTTPS for user experience, SEO and internet security.
As far back as 2014, Google suggested that enabling HTTPS on your site could result in higher search rankings. Although it isn’t the only important factor in raising your site rankings, certainly you should not underestimate its value. For example, if two sites are equal in all ways, but one site has HTTPS, that site would get a boost in rankings.
Chrome will display a green padlock in the link bar when a site is using HTTPS, assuring users it’s using the latest security protocol.
In January 2017, Google released version 56 of Google Chrome. This new release brought about some changes, notably with how Google Chrome treats HTTPS vs. HTTP sites. The browser now clearly identifies sites that are not operating HTTPS on their systems. For example, a “Not Secure” message now appears on pages without HTTPS that try to collect passwords or sensitive information. You can expect that, eventually, all pages not using HTTPS will clearly be labelled as having insecure connections.
It is safe to assume that Google’s preference for HTTPS has been a contributing factor for the changes implemented by WordPress.
Users Prefer HTTPS Too
A secure connection can make all the difference from a user’s perspective. Users see HTTPS as a positive signal that you are taking your site security seriously, for their benefit. So, having HTTPS could mean more traffic and longer usage times on your site.
HTTPS is particularly important if you are operating an e-commerce site. Simply seeing the padlock icon could make users more comfortable in entering their payment details and other personal information. Particularly so with the new Chrome update (mentioned earlier) which shows a “Not Secure” label on e-commerce sites or sites that require a user login or credit card information, but don’t have HTTPS.
Both Google and user preference should be enough reason for you to upgrade your site to HTTPS. It is simply necessary to ensure watertight security for your users and to protect your online business reputation.
Sites that require users to login or enter credit card information are now displayed as “Not secure” in Chrome when they haven’t switched to HTTPS yet.
We understand that you may be overwhelmed switching from HTTP to HTTPS. After all, change does takes time to get used to, but in this instance, you may need to quickly get on board. HTTPS presents a number of unique advantages for user experience and security that everyone should quickly embrace. And the advantages of HTTPS greatly outnumber the disadvantages. Plus, upgrading to HTTPS is no longer the prohibitively costly, time consuming, and difficult process that it once was. Obtaining an SSL certificate in 2017 is fast, sometimes free and comparatively easy to implement.
How to Get HTTPS
WordPress hosting partners should now provide an SSL certificate for all accounts. (It is required that they all do so as early as the first quarter of this year.)
Your hosting provider may already provide a free SSL certificate, so check with them first before you make any third-party purchase. If they do not offer a free one, you could ask them if they sell third party SSL certificates. Once purchased, you can ask your provider to install the certificate for you on your server.
Pukka Websites in cooperation with Pukka Web Hosting provides FREE SSL certificates for its clients.
Remember that SSL certificates upgrade the website, but not the content itself. That means that the content on your page will also need to be updated so as to avoid 404 errors. Google may interpret the error as a mismatch in the security level of your site.
What if You Just Don’t Want to Upgrade to HTTPS?
You could see a number of things happening to your site over time if you do not upgrade to HTTPS. The first may be facing the consequences set out by Google such as lower rankings and having your users staring at a “Not Secure” warning when they try to access your site.
The second is that you could struggle with WordPress updates and lose some or all functionality on specific WordPress plugins.
Third, your site may be an easier target for hacking.
Those are three consequences that require you to seriously reconsider if you really want to take the risk of not upgrading to HTTPS.
Let’s put it this way: you will simply have nothing to lose by adopting HTTPS. On the other hand, if you do not use HTTPS, you could risk leaving your site in the “dark ages” of the Internet.
If this conversion process is a task that you do not wish, or do not have the skills to tackle yourself, you should consider entrusting the transfer to Pukka Websites who will complete the entire process for you, for just US$ 69.
(From an article by Arnaud Broes, Semper Plugins.)