Although this isn’t a new topic in the SEO and web development conversation, switching your site over to HTTPS has become a must-do in 2018. Google’s suggestion to webmasters to switch their sites to HTTPS has become increasingly convincing to the point that now if you are not encrypted with HTTPS you will be marked as “not secure” on Chrome browsers.
Thankfully, this is not a very difficult transition. MARSWorks has converted numerous sites into Google’s “good books” with HTTPS migration, join in on our discussion and you’ll soon realize just how simple this really is!
What is HTTPS?
Would it surprise you to learn that much of the information passed between web browsers and web servers (the machines that contain websites and web application functionality) is fairly human-readable text? Would it also surprise you to know that there are many places along the route from your web browser to the web server that can be compromised, allowing someone to “snoop” on your communication? HTTPS is a protocol that ensures that all of the traffic that passes between your web browser or the app you’re using is encrypted. The specific subject of encryption is beyond the scope of this post, but think of encryption as a way to turn normal, readable content, into a dizzying jumble of characters that is impossible to decode (impossible that is without the “key” to decrypt the information). As of January 2017, over half of the web is now encrypted by HTTPS.
HTTP stands for Hyper Text Transfer Protocol, this protocol is how data is sent between your browser and the website that you are connected to. The additional S stands for secure – this signifies that any data you are sharing during this connection is encrypted. This is used to protect your confidential information used during online transactions, or the transmission of any sensitive information. The key thrust of this new effort is to ensure that virtually all traffic passing through the public internet systems, is encrypted and for the most part safe from information thieves even if they were to obtain your transmission.
Why Should I Migrate to HTTPS?
We’ve known that Google introduced this as a small ranking signal since 2014. After many discussions in the past few years, we now have an official statement from Google that as of July 24, 2018, all HTTP sites carrying sensitive data will be flagged to the user as not secure in the Chrome browser.
This alone goes to show you that it is certainly important to make the switch to HTTPS, however, is it really necessary?
Our answer here is – Yes.
First of all, if this does assist in a boost your search engine rankings, that alone is proven to increase the number of visitors to your website. This should certainly make sense for any website’s goals.
Secondly, if you have a site that is collecting online payments or asking users to submit important personal information in any form, you need HTTPS to ensure that exchange in information is not susceptible to hackers.
Ok, so how do I do it then?
Steps to take towards HTTPS
In most scenarios in web development, making big changes should be completed on a staging site. This way it can be tested for any faults and then moved to the live environment. In the case of changing over to HTTPS, this remains true and a safe course of action.
Our first step is to always create a backup of the site, so even if you decide to forgo running these changes on a staging site you still have a safety net in the case that anything goes wrong. This can be done via most hosting platforms, such as WPEngine or Pantheon (our preferred hosting environments for WordPress and Drupal website hosting).
Once you have these fall backs set up you are ready to proceed with obtaining a certificate. Typically this is often referred to an as SSL Certificate, although the SSL protocol is now officially dead and replaced with its more secure counterpart, TLS (although nobody has started calling these TLS Certificates yet!).
Getting the Certificate
It couldn’t get easier than the click of a button. With third party software like Let’s Encrypt, you can literally click a button to encrypt your website and even better – they provide certificates for free!
On the other hand, there are benefits of paid SSL certificates. You can provide more information in the URL bar beside the green “secured” lock by subjecting your organization to a bit more of a vetting process.
Once your site is encrypted, there are a few steps to take to ensure everything is in working order.
What to do after switching to HTTPS
At this point, you’re on the home stretch before having a fully functional HTTPS site.
You will need to set your site and home URL to the new HTTPS version. This is easily done on WordPress by going to Settings > General. Sometimes you may need to access your wp-config file and change your URL’s there.
In your browser’s address bar, given there are no issues, you should get the Green Lock signifying that your website is secure. If not, you can click on the icon and it will show you a list of errors. It is necessary you go through this list and fix all issues for a web browser to announce your website is safe and secure. This can be anything from updating the URL in your theme or an image pointing to an HTTP link. Once fixed, you will have the green lock!
There are a few items to address to ensure the user experience remains perfect and Google can still index your site.
Of course, you’re probably thinking about 301 redirects. This will ensure that any HTTP page is redirected to the HTTPS version. This is usually done automatically, but in the case that it isn’t you will need to ensure that redirects are handled manually.
You will also need to generate a new sitemap for your HTTPS site. Afterwards, create a new property in Google Search Console to submit the sitemap. This is an often-missed step. The Change of Address Tool in the Console is not for changes to HTTPS, a new property is needed as Google views it as an entirely new URL.
While you’re at it, make sure to go through Google Analytics and any paid marketing platforms you use and ensure they point to the HTTPS version of your site.
If your robots.txt points to your sitemap, you will need to ensure the file is updated.
You may have been sitting on the thought to switch to HTTPS for a while, wondering if it is worth it or how much effort is needed for the process. The benefits certainly are worthwhile and in a few weeks you’ll have no choice if you want visitors to your site not to be told you aren’t running a secure website. Don’t wait, get moving on this today! During the entire process make sure you are monitoring your website traffic and Google’s Search Console messages to ensure the site is working properly.
As for your ranking in Google, HTTPS may be one small ranking factor, but you should always be working towards a more conclusive site optimization and this is necessary as Google works increasingly at convincing everyone on the web to make the switch.