There is a lot of debate right now going on in both the developer and WordPress communities over reasons why you should and should not use HTTPS. I thought I would share with you my perspective to hopefully clear a few things up and perhaps shed some light on certain aspects you might not have considered. Why HTTPS? Check out the 6 reasons below why you should be migrating your site or WordPress blog today.
As most of you know, I have been a strong believer in HTTPS everywhere for quite a while now. Google has been pushing this a lot lately. Now don’t get me wrong, I am not just agreeing with Google. There are many reasons why you should migrate to HTTPS. Troy Hunt, a Microsoft Regional Director, recently posted an article called, “I wanna go fast: HTTPS’ massive speed advantage.” And he got a lot of negative feedback on Twitter.
The funny thing is, from a lot of the comments and feedback he got, I can tell those people haven’t actually tested this themselves. I can tell you, if everything is optimized correctly and on the right hardware, HTTPS is faster than HTTP! Yes, I said it. I have migrated many sites to HTTPS and I always do tests before and after. Below I dig through some of the feedback he got.
Criticism #1 – HTTP/2 vs HTTP, or HTTPS vs HTTP?
Some thought his comparison was more of HTTP/2 vs HTTP, rather than HTTPS vs HTTP. And Troy responded with:
“no, more like this is how the web works today.”
I would have to agree with Troy 100% on this one. Even though HTTP/2 usage is only at 9.1% currently, the adoption rate is skyrocketing. Even if you are on older hardware and not capable of HTTP/2 yet, it should still already be in your future upgrade plans.
HTTP/2 is here to stay folks and like Troy said, this is how the web works now. When it comes to web performance, you need to adopt new technologies or you will fall behind. So going forward are we going to be assuming people are using HTTP/2 when we say HTTPS? Probably yes. Now I realize not everyone can upgrade, which is totally understandable, but I hate people that are backwards thinking.
Criticism #2 – Google Disables HTTP/2
Another argument was because of Google’s decision about Chrome and disabling HTTP/2 for those not running OpenSSL 1.0.21. While I agree this is a slight setback, there is a reason good Google did this and it is to support the ALPN extension (Application-Layer Protocol Negotiation). There are more benefits to using this vs NPN which was previously being used. Also, out of three different web hosts I use, I wasn’t affected by this decision at all because my hosts were all using the latest version of Ubuntu and OpenSSL. That is why I recommend picking a good WordPress host like Kinsta, WPHostingSpot, or SiteGround.
While some of the arguments bring up good points it seems as though most of them are from the perspective of not thinking towards the future. Diddo what I said above already. The web is moving to HTTPS everywhere and it is only a good thing. You can expect to see many more posts from people about HTTPS, just like this one, over the next 6 months.
I left a comment on Troy’s blog as pertaining to “why https”, and here it is below in more detail. It got 10 upvotes so I guess at least a few people agreed with me. I also commend Troy for being brave and posting this as it is somewhat controversial. I also created a thread about this on the KeyCDN community forums.
Whenever anyone asks me why HTTPS? I respond with this:
1. Faster Performance
Performance benefits with HTTP/2. Every site I migrate to HTTPS all see speed improvements. Is it because they are running over HTTP/2? Yes, of course it is. Because of the better multiplexing, parallelism, HPACK compression (Huffman encoding), ALPN extension, server push, etc., it now makes up for that TLS overhead. And finally getting rid of some of the hacks like domain sharding and concatenation is a plus in my opinion.
2. Better SEO
Google has said that there is a slight ranking factor for sites running over HTTPS. (I don’t care how much it is, anyone in SEO will take any advantage they can get. I know I do.)
3. More Secure
The obvious, better security. Even WordPress blogs shouldn’t be passing login info in plain text. The arguments that blogs don’t need HTTPS is ridiculous. Any information information no matter where it is passed should always be encrypted, whether it is credit card data, usernames, passwords, etc.
4. Builds Trust
By using HTTPS you can build trust with your visitors and possibly even help your conversion rates. I know I will never put any information into a site if it doesn’t have that green padlock at the top.
“28.9% look for the green address bar.” – GlobalSign
5. More Accurate Referral Data
And the last reason, which I don’t see mentioned very often but it is very important, and that is referral data. HTTPs to HTTP referral data is blocked in Google Analytics and usually ends up in the black hole of “direct traffic.” If someone is going from HTTPS to HTTPS the referrer is still passed.
6. Browsers Giving Warnings
As of August 31st with the release of Chrome 53, Chrome now displays a mid-grey colored info box. It is not a yellow warning, but it still sticks out like a sore thumb.
If you are running an SSL certificate you get the nice green padlock.
Thinking you should migrate to HTTPS now? Make sure to check out my complete HTTP to HTTPS migration guide. I keep this updated as I use this myself. And if you are worried about the cost, don’t be. An SSL certificate from NameCheap costs $9 a year and if you are using a modern CDN, like KeyCDN, they probably already have a Let’s Encrypt integration. This means SSL on your CDN is completely free. Obviously if you are an enterprise customer, Let’s Encrypt won’t cut it, because there is no warranty, but for most websites, Let’s Encrypt is pretty awesome.
Would love to hear your thoughts below on why HTTPS or why not.