This article is for those of us who have websites but are not familiar with HTTPS/SSL and what it means for our sites, rankings and security. I’ll offer the most user friendly and non-technical solutions. I’ll assume that if you are a techie, you are already all over this and you don’t need my help!
What is HTTPS?
HTTPS is the secured version of HTTP which protects against security attacks by encrypting data sent over the internet.
HTTPS (Hyper Text Transfer protocol system) is a protocol that shows that your website or web application can communicate securely. It means that data is secured when someone is browsing a website and the information that they communicate is safe from being intercepted. It keeps personal information like usernames and passwords safe, as well as financial information like credit cards and bank details. It stops advertising being inserted on to your site on public Wi-Fi.
Browsing the web using HTTPS means that you can be relatively sure that you are communicating with the website that you intend to communicate with, not with an impostor.
Web browsers know whether a website is encrypted by detecting and verifying the security certificate of that site.
Why should you use HTTPS on your website?
Many browsers use a padlock to show if a site is secure, but in 2017 Google Chrome and Firefox have gone further by providing a “not secure” warning on any sites that use passwords, payment or other input fields but are not using HTTPS.
We know now that browsers already show users which sites are secure or not secure, but did you know that this can also affect your google ranking? Google has started using HTTPS as a ranking signal, meaning that if your site is not secure, you won’t rank as highly. As a trusted site with an SSL certificate using HTTPS you will rank higher in google search.
HTTPS is essential for e-commerce sites and sites that capture personal information but is also now the norm for all reputable websites. Be reputable. Use HTTPS.
Security of your customer’s data, SEO and credibility are major reasons to use HTTPS.
How do you move your site to HTTPS?
There is no magic bullet when it comes to migrating your site to HTTPS but is worth the effort. You will only have to do it once.
Like with any changes to your website, take a backup before you start (and this is just one click with All-in-One WP Migration)
- Get and install an SSL Certificate: First you need an SSL certificate, which is associated with your domain and hosting and does not sit within your WordPress installation. There are lots of companies that sell SSL Certificates online, such as SSLs.com, Media Temple, GoDaddy, Comodoand Namecheap. Let’s Encrypt is a valid option for getting a free SSL certificate, and many hosting providers work with them. It is easiest to first check what your hosting provider can offer. Many hosting providers offer free SSL but unless you look for it you might not know. Even if your hosting provider doesn’t offer free SSL, it is often easier to work with an SSL service provider that has a relationship with your host for a small additional fee.
- Check your SSL Certificate: Once you have an SSL certificate installed on your site using the instructions provided with the certificate, it is good to verify it. There are SSL check tools that you can use to verify your SSL such as Qualys SSL
- Change your WP dashboard: Update your site address in the WP dashboard to the https version.
- Redirect HTTP to HTTPS: We recommend that you follow the instructions that your hosting company gives you with your SSL certificate, rather than using a plugin to do this.
- Redirect Mapper to check that you don’t have too many redirects on your URL. Redirects are essential, but they can also slow down your site if there are too many.
- Update your hard-coded links: You might have links in your website that link to the HTTP version of your site. You should update these, even though the SSL plugin will redirect them. The Better Search and Replace plugin can help you achieve this.
- Update CDN: If you use a CDN, then update the address in the CDN plugin or console.
- Check for mixed content: Mixed content warnings occur when you have unsecure content on a secure page. Use SSL Check to check for unsecured content. If you have already updated your links, this should not show too many errors.
- Update your google search console profile: You need add a new property to your google search console that starts with Https:// and the resubmit the Https version of your sitemaps. If you have a disavow filefrom bad backlinks, you should resubmit this too. You can then delete the http version from the search console. You can update google analytics and any other search engine tools that you use.
- Update your website link on other platforms: If you link to your site from YouTube, Twitter, Facebook, Instagram, Pinterest or other platforms, you should update the links there too.
You might see a small drop in your search rankings in the short term. This is because google sees your site as a new website under the Https address. Whilst there are redirects in place, you can lose 1–10% of your ranking because of the redirects. This is a short-term issue until google re-indexes your site on Https — then your rankings should improve over your unsecured site! Plus, you will be trusted by your site visitors and customers and will be contributing to making the web a more secure place.