As of August 2014, Google started to give SEO ranking points for sites that work entirely over HTTPS. If you haven't implemented an HTTPS only strategy, then in today's post, I'm going to cover some of the benefits of why you should consider it and how to implement it.
What is HTTPS?
HTTPS or 'secure 'HTTP' is a protocol that was developed to promote secure transactions over the internet. Back in the day, when a client asked for HTTPS it was usually for a few pages in their e-commerce funnel.
When you enter your credit card details on an e-commerce site, you want to make sure that only the site you are accessing gets them. To an end user, for all intents and purposes, using HTTPS or HTTP has no noticeable difference. They still use a browser to access the site, the contents of the web pages don't change and the actions they are allowed to perform don't change. The only noticeable difference for a user is that the pages URL changes from HTTP:// to HTTPS://. In most scenarios, this redirect happens automatically without them needing to do anything.
The difference between HTTPS and HTTP technically is a different story. HTTP is used to define how messages are formatted and the actions web servers, or, browsers should take in response to those commands. HTTP doesn't care how the data gets to its destination, it cares that data can be understood between two nodes. HTTPS on the other hand, not only cares about the messaging but also how that data is transported. HTTPS builds on top of HTTP but additionally SSL to transport the data. SSL is the protocol used to establish an encrypted link between a web server and a browser. So using HTTPS gives you the best of both worlds.
Why Will Google Favor Your Umbraco Website If You Use HTTPS?
If your website uses HTTPS for everything, your website will be a lot more secure... simples. Users can be guaranteed any data they interact with will be secure and because of this trust Google will look more favorably and probably rank your website higher than any competitor that doesn't use it. By implementing a SSL certificate you can guarantee that all your website visitors data will alway be encrypted when they talk to you. That the data sent is theirs and it hasnt' been tampered with, or, corrupted during the interaction and that your customers are using your website, not some spoofed clone.
Getting an HTTPs certification isn't as simple as making traffic go through a different port. To get an SSL certificate you need to pay an SSL provider a fee. This can range from £25.00 a year to over £300+. For most businesses, these costs are minimal and shouldn't be a reason to avoid it. For individual blog owners then an extra fee might put them off.
How To Implement HTTPS In Umbraco
First, you need to get an SSL certificate and register it with IIS (or Azure). Getting a certificate is outside the scope of this post, if you are stuck, ask your hosting provider and they should point you in the right direction. After registering your SSL certificate, in your web.config, you need to enable the 'umbracoUseSSL' setting:
If you've read a lot of my tutorials, then you'll know that I recommend using the IIS module, Url Rewrite to deal with these sorts of re-directs. The rule for Url Rewrite would look like this:
If you don't want to use Url Rewrite, you could always use a package, like HTTPS Redirect. I tend to stay away from using packages as it creates issues with your continuous deployment process but different clients have different requirements. Another reason I'd recommend staying clear of this package is that the re-direct will happen in application pipeline, rather than in the IIS initialization pipeline so the redirect won't happen for a slightly longer period (think milliseconds).
The SSL labs analyzer tool, here can be used to test how secure your website is.
In today's post, I've covered the benefits of using a full HTTPS only approach with your Umbraco website. Implementing HTTPS will not only make your website secure, Google will also rank your pages higher. If you are new to SSL certificates, buying and installing an SSL certification is fairly cheap and quick process. I've implemented HTTPS on multiple occasions and it usually less than an hour. Enabling HTTPS in Umbraco is pretty painless, add a redirect rule and set Umbraco to use SSL and off you go.