The Shift to HTTPS
You’ve probably seen recent stories in the news about online data breaches, even among big players like Equifax. A data breach is dangerous for any business, and it can be especially dangerous for you as an HVAC, home performance or solar contractor. If your site uses forms to collect leads or client information, then it could be vulnerable to data breaches involving customer data. One basic step you can take to protect your business from this type of problem is to implement HTTPS on your site.
Why are we writing about this? Well, a major change to how Google Chrome and other browsers handle HTTP sites is just around the corner. If your business’ website hasn’t yet made the shift from HTTP (Hypertext Transfer Protocol) to HTTPS (Hypertext Transfer Protocol Secure), it could be harder for potential clients to reach starting this month.
What Does HTTPS Do?
HTTPS emerged several years ago as a means for protecting sensitive information, such as payment information, being transferred over the web. In the past decade or so, more and more websites have been adopting HTTPS in order to make all communications through their site secure — that is, safe from hackers attempting to steal that information upon transfer from the client's computer browser to the web server. Switching from HTTP to HTTPS offers a number of benefits for website owners:
Helps to prevent data from being intercepted, modified, or corrupted by hackers
Builds user trust — users will see the lock icon and trust your website
Gives your site a small boost in rankings (which could be larger in the future)
Lets you receive referral data from HTTPS sites in Google Analytics
Migrating to HTTPS has largely been a matter of security and better ranking for website owners up until now; but as of this year, making the switch is essential if you want web users to see your website.
What’s So Different About This Year?
In an effort to make the internet a more secure place for web users, web browser developers are starting to take more active measures to encourage site owners to make the switch to HTTPS. Mozilla’s Firefox has been displaying a grey lock icon with a red strikethrough in the address bar for all HTTP websites. Back in January, Google Chrome started flashing “Not secure” warnings in the address bar on HTTP pages that contain password or payment card data fields. With the release of Chrome 62 this month, users will also receive the “Not secure” warning when they enter data on an HTTP page and when they visit any HTTP page in Incognito mode.
What Does This Mean for My Site?
If you are an HVAC, home performance or solar contractor, chances are your website contains a contact or service request form where users can enter information. This means that if you are not forwarding all traffic to HTTPS, users visiting your website on Chrome 62 will receive a warning that your site is not secure.
If you haven’t already moved your site from HTTP to HTTPS, now is the time to do so. Putting it off could reduce incoming referral traffic to your website, and that could ultimately mean fewer leads for your business. Plus, making the switch now will help protect sensitive information of your potential clients, such as phone numbers and email addresses entered via the contact forms on your website.
Unsure if your website is using an HTTP or an HTTPS connection? Take a moment to visit your website. If you see https:// at the beginning of the URL or a lock icon next to the domain name, then you know your site is using an HTTPS connection. If you see http:// at the beginning of the URL, no lock icon or a lock icon with a red slash, then you know your site is not using an HTTPS connection and is therefore not secure. (Note: Markers for HTTP and HTTPS will differ slightly depending on which browser you are using.)
How Do I Move to HTTPS?
If you’re already on the current Energy Circle Web Platform, you’re in luck — we’re already working to take care of this for you. However, if you’re on our legacy Pro platform, you should contact your Digital Marketing Account Manager or Support Circle to help you navigate the process of migrating your website.
If your website is not on one of our platforms, there are a couple of things you will need to do:
1. Get your domain registrar information.
Your domain registrar is where you purchased your domain (i.e., your URL). GoDaddy, Namecheap and Name.com are a few common examples of domain registrars. You will need to know the username and password for your domain registrar so either you, your website manager or your web host can access your account.
2. Contact your website manager or web host.
If someone manages your website for you, they can install an SSL certificate on your website using your domain registrar information. If you manage your own website, contact your web host. (A web host, like HostGator, BlueHost or SiteGround, is whoever provides the space where your website “lives.” Some domain registrars offer hosting services as well, so your domain registrar and web host may be one and the same.) Your web host will install an SSL certificate on your website for you or walk you through how to do it.
It’s Time to Make the Switch
Don’t let an outdated website keep you from generating leads for your business. Migrating your website from HTTP to HTTPS will help your website rank better on Google, protect your clients’ personal information, and offer visitors to your site a safe and comfortable user experience.