As of August 2014, Google started to give SEO ranking points for sites that work entirely over HTTPS. If you haven't implemented HTTPS within your Umbraco powered website, then in today's post I'm going to explain why you should consider implementing it today ️🔥️🔥️🔥
What is HTTPS?
HTTPS or 'secure 'HTTP' is a protocol that was developed to promote secure transactions over the internet. Back in the day, when a client asked for HTTPS it was usually to cover a few pages in their e-commerce funnel. When customers enter credit card details on your site, you want to make sure no one can view this data in-flight. To an end-user, using HTTPS or HTTP has no noticeable difference. They still use a browser to access the site, the contents of the web pages don't change and the actions they are allowed to perform are the same. The only noticeable difference for a user is that the page URL changes from HTTP://
to HTTPS://
and a little lock icon will display within their browser.
The technical difference between HTTPS and HTTP is a different story. HTTP is used to define how messages are formatted and the actions web servers, or, browsers should take in response to those commands. HTTP doesn't care how the data gets to its destination, it cares that data can be understood between two nodes. HTTPS on the other hand, not only cares about the messaging but also how that data is transported. HTTPS builds on top of the HTTP protocol and additionally uses SSL to transport the data. SSL is the protocol used to establish an encrypted link between a web server and a browser. So using HTTPS gives you the best of both worlds.
Why Will Google Favor Your Umbraco Website If You Use HTTPS?
If your website uses HTTPS for everything, your website will be a lot more secure... simples. Users can be guaranteed any data they interact with will be secure. The HTTP2 protocol will also only work over HTTPS. The benefit of HTTP2 is that it will allow a browser to download your web pages resources quicker (more info here. Simply allowing for HTTPS will rank your website higher than your competitors that do not implement it.
Getting an HTTPS certificate isn't as simple as making traffic go through a different URL. To enable HTTPS you need to pay an SSL provider a fee. This can range from £25.00 a year to over £300+. For most businesses, these costs are minimal. For individual blog owners then an extra fee might put them off, however, £25 a year will not break the bank!
How To Implement HTTPS In Umbraco
First, you need to get an SSL certificate and register it with IIS (or Azure). Getting a certificate is outside the scope of this post, if you are stuck, ask your hosting provider and they should point you in the right direction. After registering your SSL certificate, in your sites web.config
, you need to enable theumbracoUseSSL
setting:
If you've read a lot of my tutorials, you'll know that I recommend using the IIS module, Url Rewrite to deal with re-directs. To force all your site users to use HTTPS, you will need to create a redirect rule from HTTP to HTTPS. The rule for Url Rewrite would look like this:
If you don't want to use Url Rewrite, you could always use a Umbraco community package, like HTTPS Redirect. I tend to stay away from using packages as it creates issues with your continuous deployment process, however, different clients have different requirements. Another reason I'd recommend staying clear of this package is that the re-direct will happen in the application pipeline, rather than in the IIS initialization pipeline. So the redirect will consume more server resources and take a slightly longer period (think milliseconds).
My final tip is to use the SSL labs analyzer tool, here when setting this up. This tool can be used to test how secure your website is 💥
Conclusion
In today's post, I've covered the benefits of using HTTPS with your Umbraco website. Implementing HTTPS will not only make your website secure, Google will also rank your pages higher. If you are new to SSL certificates, buying and installing an SSL certificate is a fairly cheap and quick process. I've implemented HTTPS on multiple occasions and it is usually less than an hour from registering the cert to installing it. Enabling HTTPS in Umbraco is pretty painless, add a redirect rule and set Umbraco to use SSL and off you go. Happy Coding 🤘