http or https

Should my websites use standard plain text http, or https (i.e. SSL)? I need to consider ease of implementation, search engine optimization (SEO), security, and speed.

http or https

Ease of Implementation: Once I have a site up and running, http just flat works. If I choose to switch to https I need to …

  • Make a full site backup in case something goes horribly wrong.
  • Obtain and install an SSL certificate. This is easy breezy if my host provides free Let’s Encrypt, otherwise it can be a bit costly and time consuming.
  • Make some WP configuration changes.
  • Search/replace my WP database to change all ‘http://mysite’ to ‘https://mysite’
  • Cross my fingers and hope everything worked perfectly.
  • Since everything never works perfectly, troubleshoot the problems.

For ease of implementation, http wins hands down.

SEO: Google now favors secure sites. Not by much, but I expect the delta to increase over time. More secure = better search engine rankings. Https wins.

Security: If I allow for any sort of user input – logins, comments, contact page, or especially sensitive information like credit card numbers, gotta go https. Https is not a magic fix-all-security-problems solution, but it does encrypt data in transmission to foil eavesdroppers. Even if my site simply serves pages – in which case http should be just fine – some users just really like to see the secure lock in the browser window.

For security, https wins. Not even close.

Speed: There is an interesting ongoing kerfuffle on which is faster. Examples, On the “Https is faster” side: I wanna go fast: HTTPS’ massive speed advantage; And on the “No it isn’t” side: Stop. Just Stop. HTTPS is not faster than HTTP.

Https requires a bit more processing, so all else being equal http is undeniably faster. But – all else is not equal. When it comes to speed the question is not http vs. https but rather legacy HTTP vs. modern HTTP/2.  HTTP/2, the specification for which was published in March 2015, uses more efficient mechanisms for data streaming, and is much faster than HTTP.

While there is no rule preventing plain text HTTP/2, browsers and other applications only support secure HTTP/2. So, in practice, https is faster.

The Verdict: The ease of implementation of http is more than outweighed by the SEO, security, and performance benefits of https.

As of the date of this post, roughly 75% of websites use http, but well over half of all web traffic uses https. So, bigger, more popular sites have gone https, while most of us rabble are still living in the dark age of plain text http. The trend is inescapably toward https, and I gotta go there at some point. I might as well do it now.

WPPOV supports freedom from Net Neutrality and the GDPR. The Internet of the people, by the people, for the people, shall not perish from the Earth.