Starting in soon Google is going to start down-ranking sites that don’t have HTTPS. HTTPS on a website has already been a ranking signal for some time, but Google is taking it ever more seriously.
First of all, what is HTTPS certification/encryption?
It’s that green thing whenever you go to a website that is secure. Without HTTPS, all the website data that is transferred from the server to your computer and vice versa is out in the open, it’s like radio channels, anyone with a slight bit of knowledge can tune in and look at the entire data.
I’m going to go on a history tangent, skip this if you want, but it’s interesting.
The etymology of the word “encryption” comes from cryptography –the study of secret messages/codes. During World War II, Native American Navajo talkers relayed secret messages via radio between the US military based on the Navajo language. Messages would be translated from English to Navajo language, and spoken into the radio by a Navajo talker and heard the other end by another Navajo talker and translated back to English. Because the Japanese didn’t know the language, nobody else other than the few Navajos did, the Japanese military couldn’t crack the code. The Japanese could tune in to the radio channels but they couldn’t understand a word said. That’s encryption. Think of HTTPS as translating the data into some secret language that hackers can’t read.
Encryption makes that impossible. Ok, ok, nothing is impossible, but it makes it super duper hard and not worth the effort for some random hacker or as the analogy goes “anyone with a radio” to listen in. This is why website’s with email/password login almost always have HTTPS encryption. So hackers can’t just “tune in and listen to” your password or credit card number as it is sent from your computer to the servers.
Protip for your day to day life: If a website requests for your password but don’t have that green HTTPS thingy, DO NOT use it. I repeat, DO NOT USE IT.
So how do you get that sweet sweet encryption?
If you look at your website and don’t already have that green HTTPS thingy, it’s time to get one.
It used to be that you have to pay to get it. But recently a non-profit called Let’s Encrypt started encryption for everyone. Simply call up your web hosting (whether it’s HostGator, or SiteGrounds, or BlueHost) and ask the support to add HTTPS to your website for you. It should be quick and easy. And now that, Let’s Encrypt has made it free for everyone, they shouldn’t charge you for it.
If you want to do it yourself because you are hardcore and got time on your hands, the instructions are on https://letsencrypt.org/ you can also use CloudFlare’s free pricing plan to get https. CloudFlare they hosts your dns and provides a layer between your servers and the internet give you free cacheing and security and free https. For the github pages users, it’s actually the easiest way to do so. That’s what I did for my site feedshare.org.