Internet privacy is becoming an ever greater concern in today’s world. Conventionally HTTPS has only ever been used on sites that require a secure login area, to prevent ‘snoopers’ from intercepting user data over an open network. In this post we will be discussing the why your site really should be using SSL and how you can go about changing that if you haven’t already.

However, Google now views HTTPS as an SEO ranking factor which suggests Google is looking for all websites to eventually make the switch over to HTTPS regardless of their content.

With the provision of free SSL providers, such as Flexible SSL from CloudFlare and Let’s Encrypt your site should be using SSL, after all money is no longer an excuse. Although it is worth bearing in mind that it needs to be properly integrated in order to receive an SEO boost, this includes setting up a 301 redirect to redirect all HTTP traffic to HTTPS.

"Over the past few months we’ve been running tests taking into account whether sites use secure, encrypted connections as a signal in our search ranking algorithms. We’ve seen positive results, so we’re starting to use HTTPS as a ranking signal."
— Google Webmasters Blog

One thing to note is that CloudFlare’s Flexible SSL isn’t full SSL and should’t be used if your site holds sensitive user data as it only encrypts traffic between the client’s browser and the CloudFlare network – not the origin server. However, CloudFlare’s other SSL options work fine providing you have an SSL certificate on your own host.

How does HTTPS work?

SSL encrypts all data travelling between the client’s browser and the server. Once the data reaches the server, it is decrypted using the server’s private key. Whilst this data is travelling between the browser and the server it cannot be read or decrypted by anyone listening on the network. This means any sensitive data such as username, passwords or credit card information is safe from prying eyes.

Update

CloudFlare has recently started providing a service to generate an SSL certificate signed by CloudFlare to use within your own hosting environment. This allows you to use Full SSL on your site without the need of having a valid certificate. As all traffic to your site is directed through CloudFlare rather than your server, the SSL certificate on your host doesn’t have to be signed by a known authority.