You've seen the padlock icon in your browser's address bar thousands of times. You probably know it means something good. But do you know what's actually happening when it's there — and what's happening when it's not?
If you run a website, this isn't a technical curiosity. It directly affects whether visitors trust you, whether Google ranks you, and whether the information your users submit is safe.
HTTP vs HTTPS: what's the actual difference?
HTTP stands for HyperText Transfer Protocol — the system that governs how data moves between a user's browser and a web server. The problem with basic HTTP is that this data travels in plain text. Anyone positioned between the user and the server — on the same public Wi-Fi, for example — can read it. Usernames, passwords, contact form submissions, everything.
HTTPS adds a layer of encryption (the S stands for Secure). Data is scrambled in transit so that even if it's intercepted, it's unreadable without the correct decryption key. This encryption is provided by an SSL/TLS certificate — that's what produces the padlock icon.
If your website collects any information from users — a contact form, a newsletter signup, a login — and it doesn't have HTTPS, that information is being transmitted in plain text. This isn't a theoretical risk. It affects anyone on a shared or public network.
Why HTTPS matters beyond security
Google uses HTTPS as a ranking signal
Google has used HTTPS as a ranking signal since 2014, and has progressively increased its weighting. All else being equal, a secure site will rank higher than an insecure equivalent. For a business investing in SEO, running without HTTPS is leaving points on the table — confirmed by Google's own public announcements on the topic.
Browsers flag HTTP sites as "Not Secure"
Chrome, Firefox, and Safari all display a visible warning on HTTP pages — especially on pages with forms. Some browsers block access entirely with a full-page warning. When a potential client lands on your site and sees "Not Secure" in the address bar before they've even read a word, the trust damage is immediate.
It affects your conversion rate
Users are less likely to submit information — including contact forms — on sites without HTTPS. If your site generates leads through any kind of form, running without it is costing you conversions. The hesitation is instinctive: browsers have trained users to look for that padlock.
Getting HTTPS set up
For most websites, getting HTTPS is no longer complicated or expensive. Here's how it works:
- Get an SSL certificate. Most modern hosting providers include free SSL certificates through Let's Encrypt. If yours doesn't offer this, it's worth reconsidering your host.
- Install and activate it. Many hosts do this automatically or provide a one-click installation. For WordPress sites, plugins like Really Simple SSL handle the transition cleanly.
- Force HTTPS redirects. Make sure anyone who visits the HTTP version of your site is automatically redirected to the HTTPS version. This is usually a single setting in your hosting panel.
- Check for mixed content. After switching, some internal links or images may still reference HTTP URLs. These need to be updated, or browsers will still show warnings despite the certificate being active.
If your website was built in the last few years by a competent developer, HTTPS should already be in place. If you're not sure, check right now — go to your website and look at the address bar. A padlock means you're good. "Not Secure" means you have a problem worth solving this week.
Go to your website. Look at the browser address bar. Does it show a padlock icon? Click it — it should say "Connection is secure." If it says "Not secure" or shows a warning icon, your site needs an SSL certificate installed immediately.
Not sure if your site is set up securely? Book a free call and we'll run through your current setup — HTTPS, speed, and anything else that might be affecting your rankings or visitor trust.
Book a free call →