More Than 50% of Web Traffic is Now Encrypted
In October 2016 Mozilla Telemetry showed more than 50% of page loads were encrypted with HTTPS. This week Let’s Encrypt is reporting that more than 50% HTTPS page loads is now the norm, a major milestone for HTTPS adoption across the web.
Per @Firefox Telemetry, more than 50% HTTPS page loads is now the norm! pic.twitter.com/7mo8VPrpbq
— Let's Encrypt (@letsencrypt) January 30, 2017
Google’s Transparency Report shows similar numbers for HTTPS usage, confirming that secure browsing has become the norm. Google found that HTTPS is less prevalent on mobile devices than desktop but the percentage of pages loaded over HTTPS is steadily on the rise across the board.
The launch of Let’s Encrypt, the new free and open certificate authority, is one of the main factors causing the rapid rise in secure traffic. Thanks to sponsorships and partnerships with hosting companies and services, Let’s Encrypt closed out 2016 with more than 20 million active certificates.
Google’s influence has also been one of the driving factors in HTTPS adoption after the search engine announced in 2014 that it was starting to use HTTPS as a ranking signal. As of 2017, Google Chrome is adding a prominent security warning for HTTP sites.
Throughout 2016 many major publications moved to HTTPS, including the Guardian, Washington Post, Wired, Engadget, Ars Technica, and New York Times, to name a few. Nearly all of them publicly documented the challenges and triumphs of their HTTPS transitions.
In July 2016, security researcher Scott Helme crawled the Alexa Top 1 million sites to measure how security is progressing on the web. In his previous scans, which included August 2015 and February 2016, the top million sites saw a 42% increase in HTTPS adoption. Helme’s July 2016 crawl showed a 46% increase from February 2016.
Despite the overall growth, the number of HTTPS-enabled sites is just 13.75% of Alexa’s top million. However, these are the sites that serve the most traffic: Google, YouTube, Facebook, Amazon, and others. These results are consistent with Electronic Frontier Foundation’s (EFF) reports that HTTPS adoption is growing the fastest with smaller, previously-unencrypted sites.
Let’s Encrypt’s launch has also had a ripple effect on commercial certificate authorities who are now moving to offer domain validated SSL certificates for free in order to promote their other security products. Symantec is now partnering with hosting companies to issue free certificates as part of its Encryption Everywhere program. Comodo also announced a partnership with cPanel in December 2016 to automatically issue SSL certificates at no additional costs to consumers via cPanel’s AutoSSL feature.
Securing half the web’s traffic is a major landmark on the road to a fully encrypted web, but encryption advocates will need to continue educating website owners on the benefits of making the switch to HTTPS. With the necessary infrastructure now in place for anyone to get an auto-renewing SSL certificate for free, Let’s Encrypt director Josh Aas is optimistic about progress on the remaining 50% of the web.
“As exciting as 2016 was for encryption on the Web, 2017 seems set to be an even more incredible year,” Aas said “Much of the infrastructure and many of the plans necessary for a 100 percent encrypted Web really solidified in 2016, and the Web will reap the rewards in 2017. Let’s Encrypt is proud to have been a key part of that.”
12 Comments
Lots of hosts are offering free LetsEncrypt via cPanel, which makes it easy to activate.
WordPress dot org should use this as a metric when recommending hosts.
Report
Well, there’s this https://wptavern.com/wordpress-will-only-recommend-hosting-companies-offering-ssl-by-default-in-2017 or are you saying that the ease of installing an SSL cert should be a metric?
Report
We are using ssl from lets encrypt and our search ranking is increased. Is there a way to track ssl visitors in Google Analytics ? They are showing (not set) & (not provided).
Report
I bet Comodo are gutted Let’s Encrypt came about and with it’s easy to use Plesk add in it’s deffo a winner!
Report
As far as I know, Comodo and cPanel already joined forces to enable automated SSL Encryption. But I agree that Let’s Encrypt is the winner so far.
Report
That is really great. But the sad news is there are still many weird hosts who will not support Lets Encrypt. They are still looking for making some extra bucks out of selling SSL certificates. Very unfortunate for us :(
Report
I have lets encrypt installed, but my site is also still accessible through http.
What is best? Redirect all traffic to https? And how? What’s the (SEO-)safest way to do this?
I can’t seem to get those questions cleared up?
Report
Is the site indexed in Google and Bing as HTTP or HTTPS?
Report
I would definitely recommend the entire website be moved to HTTPS with proper redirects set up for pushing all HTTP traffic over to HTTPS.
Google is moving more and more towards HTTPS and as of this month started sending our warnings to webmasters for what they considered violations for non-compliance.
Be ahead of the game and move to HTTPS now!
PS: Search Engine Land, Yoast, and Moz should all have good articles on maintaining SEO with HTTPS moves.
Report
You can force your site to redirect from http to https in 2 ways.
Use a WordPress HTTPS plugin https://wordpress.org/plugins/wordpress-https/
Update rules in your site’s .htaccess file
https://help.dreamhost.com/hc/en-us/articles/215747758-How-do-I-force-my-site-to-load-securely-with-an-htaccess-file-
Update Google Analytics
=======================
First update settings at:
https://analytics.google.com
Go to ADMIN, select property and then change the http:// to https:// for the Default URL at:
PROPERTY/Property Settings
VIEW/View Settings
Then go to WordPress and change Google Analytics Settings:
First: Clear Authorization
Then: Reauthorize again and check that General Settings\Default URL: start with https://
Save the changes.
Report
After installing SSL, Use this WordPress SSL Plugin to redirect all traffic.
https://wordpress.org/plugins/really-simple-ssl/
I have used this plugin on all my sites. It is really simple. I think it is the only active plugin in its class.
The plugin is up to date with the current WordPress version.
Report
When we moved some of our clients to SSL, the initial indexing was sluggish. But once the pages were indexed, we have seen traffic growth upto 100%
Report
Comments are closed.