Update: We originally published this blog post in 2016, but it is still just as relevant today – if not more. In Google Chrome’s latest update, the browser now directly labels sites that are not using the HTTPS protocol as “Not Secure” in the top left corner of the browser. Sites that aren’t using the secure HTTPS protocol will also be negatively affected in the search rankings. We cannot stress enough the importance of having an HTTPS-secure website. Read on to learn more!
For those who do not know what it is, HTTPS (Secure HyperText Transfer Protocol) is a protocol extension of HTTP-enabled protection of transmitted data. Data integrity is achieved by using SSL (Secure Sockets Layer) or TLS (Transport Layer Security). HTTPS is a security protocol that guarantees confidential communication on the Internet. Thanks to these protocols, the information transmitted between the client and server cannot be intercepted.
Why should I switch my website to HTTPS?
- Secure Communication: This is the most important thing – HTTPS is necessary for secure communication with the customers as SSL Builds Trust and Credibility. It is very important to show your visitors that your site is secure and their information will be protected
- Increase Trust: Using HTTPS signals your website is trustworthy to search engines and to users
- Improves the reputation of your website
- Improve website analytics: Using HTTPS provides more accurate statistics of visits to your website
- May help your search ranking: HTTPS has been added to the list of ranking factors used by search engines like Google
- 85% of online shoppers avoid unsecured websites. Source: GlobalSign
The chart below compares HTTPS websites versus HTTP websites for the last 5 years. You can see that the number of HTTP websites continues to decline annually.
Now that you understand the importance of having an HTTPS website, how do you do it? Here are some important things to consider.
The first step in transferring the website begins with a request for an HTTPS certificate. The procedure is simple and many registrars or hosting companies provide this service (e.g. Go Daddy, blue host, etc.). When you purchase an HTTPS certificate, we recommend contacting a proven and popular certification center.
There are many types of certificates to choose from. Here are a few of them:
- Simple – used for one domain or subdomain (just email verification needed)
- Multi-domain certificate
- Extended Validation – the highest level of trust and protection
- Certificates IDN (Internationalized Domain Names) — with the support of the national domains
The certificate installation process is simple and many hosting companies have automated this process. Once you start this process, your website will be available under two protocols – HTTP and https. From here you have to:
- Correctly configure 301 redirects from HTTP to HTTPS. (Example: http://site.com to //site.com). This step is the most important and most critical, a misstep here could mean losing organic position
- Check that all website scripts are working correctly, especially scripts tied to external services like third party payment systems.
- Specify in Google Search Console (formerly Webmaster Tools) that you are now on HTTPS
- Update your sitemap
- Update robots.txt, by specifying the host and the sitemap with HTTPS
- Make robots.txt file available under HTTP protocol, so the search engine crawlers get the code “200”
- Test your website on other devices to make sure that browsers correctly understand HTTPS and do not give warnings to users
- Make sure that all redirects are set properly, to exclude the case of multiple redirections.
- Change website links from absolute to relative, to avoid generating redirects
- If you have disavowed links in Google in the past, this will have to be done again for a site with HTTPS. In Google Search Console (formerly Webmaster Tools) you will need to specify the website with www and non-www separately, and then specify the primary mirror
- If you are running a paid search advertising campaign (PPC), your destination URLs will need to be changed to HTTPS as well
- Don’t forget to continue to renew the HTTPS certificate.
By switching your website to HTTPS you may experience a temporary fluctuation in site ranking for several weeks, but after that your site should receive a small ranking boost. In the long run Google may increase the importance of https as a ranking signal, in which case it would increase the strength of the HTTPS boost.
If you decided to do the switching by yourself, ensure that you spend time on preparation to minimize the risks of transferring a site from HTTP to HTTPS.
Be sure to review the Google document listing the common pitfalls of using https.
For your benefit, we created this checklist “Moving from HTTP to HTTPS“. Remember, this is a general checklist and may not be adequate for your particular website configuration. You can also contact us and we will take care of this for you.