Back in 2014, Google first announced the push for all websites to move to HTTPS so it quickly became an important topic amongst website SEO companies. The reason for this is they are awesome and want to make a safer place for us all to browse! Since then, they have been rolling out changes to the Chrome browser, to encourage everyone to make the switch.
Most of you will have noticed by now, a lot of websites you visit will get the little green padlock to the left of your address bar:
That’s telling you the website is HTTPS (Hypertext Transfer Protocol Secure), and therefore, a secure site. In our digital age, where almost everything we do is online, consumers have become more and more focused on this green padlock, and all that it stands for. Thus, if you don’t have it, you’re leaving yourself behind the eight ball, so to speak.
Put simply, HTTP is the protocol over which data is exchanged between the browser and a website. The ‘S’ at the end stands for ‘Secure’ and means the data is being encrypted during this exchange, preventing any third party from listening in or stealing personal information.
Since the initial announcement back in 2014, we have been recommending everyone transfer their websites over to HTTPS as soon as practical. In August 2017, there was another phase of Google’s encouragement rolled out which was sent out via their Google Search Console stating:
“Starting October 2017, Chrome (version 62) will show a “NOT SECURE” warning when users enter text in a form on an HTTP page, and for all HTTP pages in Incognito mode”.
So, if you still haven’t made the change to a HTTPS website, this ugly ‘Not Secure’ message will be popping up in the Chrome browser, next to your website:
First step! Get an SSL Certificate….
Why an SSL Certificate is Required
SSL certificates are what keeps websites secure and enable HTTPS to appear in the address bar. SSL stands for Secure Sockets Layer, which quite literally acts as a protective layer between two systems – either a server and a client or two servers.
It safeguards any data that is being shared between the two systems. For example, on an e-commerce website, the SSL certificate protects the purchaser’s payment details and other private information from criminals being able to steal it.
SSL certificates help to protect information such as:
- Login credentials
- Credit card/bank details
- Personal information – name, DOB, address
- Proprietary information
- Legal documents & contracts
So, you can see why having a HTTPS website and an SSL certificate to support this is so important to ensure your website is secure, especially in this day and age where cybercrime is getting increasingly worse.
How SSL Certificates Work
When a user types in a web address to their search bar and clicks enter the following process happens:
- The browser/server connects to a website (i.e. a web server) secured with an SSL and when doing so the webserver needs to identify itself.
- The web server sends the browser/server a copy of its SSL certificate.
- The browser/server then checks to see whether or not it trusts the SSL certificate provided and if it does it sends a message to the webserver to approve it.
- The web server sends back a signed acknowledgement to start an SSL encrypted session and encrypted data is then shared between the browser/server and the webserver.
It’s as simple as that! And to think this happens all within a matter of milliseconds. The internet really is quite an impressive network.
Types of SSL Certificates
For an SSL certificate to be valid, businesses need to purchase a domain certificate from a Certificate Authority (CA). Most CA’s will charge at least a small fee for an SSL certificate but you can get some for free. Once you obtain an SSL you have to configure this on your web host or on your own server. The type of SSL certificate you require depends on how secure you want your website to be.
The following SSL certificates range from less secure to most secure. Generally speaking, the less secure options are cheaper:
Domain Validated (DV SSL)
Best for a website that doesn’t exchange customer information as it is the less secure option.
Organization Validated (OV SSL)
If your website has forms and captures leads then this certificate may be the best for you, as long as you don’t exchange sensitive information.
Extended Validated (EV SSL)
This certificate offers the highest level of security and should be used on websites that require maximum security, such as those that exchange sensitive information.
The type of SSL certificate you choose depends on the type of protection you require based on the actions users are expected to take on your website.
Importance of Keeping Your SSL Certificate Updated
It’s so important to keep your SSL certificate up-to-date either manually or automatically, otherwise, your HTTPS website won’t be accessible and an error message will appear for the user:
This is something businesses need to avoid in order to maintain consumer trust and most importantly access to their website! If this happens to you, you need to contact your Certificate Authority as soon as possible to update your SSL certificate and resolve the issue.
Plus if you have an e-commerce website and take online payments it’s actually a requirement to have an SSL, hence you will most likely lose customers if it’s not up-to-date.
Main Reasons You Should Move to HHTPS
At this point, it’s safe to assume it’s not a case of ‘if’ you move your website, but rather ‘when’. It will certainly pay for you to get ahead of the curve, so here a few of the major reasons why you should conduct a website SEO audit move now, rather than later.
Added Security for Your Website
We hear horror stories every day about websites being hacked and people’s personal details being stolen. Data sent via HTTPS is encrypted, preventing others from listening in or stealing information. Why wouldn’t you want to add this extra layer of security, to one of your most important assets, your website!
Google announced back in 2014, that moving to HTTPS will give you a minor ranking boost (so Google are more likely to give you a favourable ranking). This will inevitably become a larger factor moving forward, so may as well take advantage of this now!
Online consumers are a switched on bunch these days, so it’s important your customers have confidence in your website and its online security. The big green SECURE padlock is going to help you achieve this. If you don’t have it, and a competitor does, consumers will certainly move to the safer option.
So How do You do it?
There are plenty of tips and tricks out there, on the best way to make the migration. The first step is to talk to your developer about the best way to move forward. SEO Tip: Make sure you keep an eye on your traffic and rankings throughout the process, to ensure a smooth transition.
Need Help Acquiring an SSL & Migrating to HTTPS?
White Chalk Road have helped many of our clients manage the migration process from an SEO perspective. Contact our team today for some expert advice.
The Risks Moving to HTTPS
If you care about your organic growth and SEO then you do need to consider the move carefully. It’s important to involve your SEO manager and web developer in the process so they can make the transition as smooth as possible. Like any big website change particularly one that involves site-wide URL changes, there’s no exact answer as to how your website and keyword rankings will be affected. However, if you follow Google’s best practices and have trust in your SEO expert and web developer you’ll be on a good track to making your website better in the long run.
HTTPS Migration Best Practices
What do you need to do when you decide to move your website to HTTPS? Here’s a basic checklist:
- Obtain an SSL certificate from a reliable certificate authority with a high level of security (2048-bit key). It’s important to make sure the certificate is registered to the right website name and at all times the certificate is kept valid and up to date 301 redirect the old HTTP pages to the new HTTPS on a page-to-page basis
- Make sure all internal links are also pointing to the new HTTPS
- Make sure the XML sitemap and robots.txt files are updated
- Make sure your web server supports HTTP Strict Transport Security (HSTS) and that it’s enabled (this tells browsers to automatically direct users to the HTTPS version of a page even if they type in HTTP alongside telling Google to show the secure URLs in the search engine result pages)
- Verify the new HTTPS version of your website in Google Search Console and upload the new sitemap (note you don’t have to use the change of address tool if you’re just moving from HTTP to HTTPS)
- Where possible update all offsite links to the website, this may include on your social media pages, any business directories and anywhere you may have guest posted
Will your traffic and rankings drop when moving to HTTPS?
Google clearly states on their HTTPS migration support pages that they treat the HTTPS switch as a site move and ‘you may experience a temporary fluctuation in site ranking during the move’.
This occurs because Google needs to re-crawl and index your website again. How long the ranking recovery takes is not a set-in-stone answer as Google has no fixed crawl rates and it also depends on your server speed.
Moving to a HTTPS website (if you haven’t already) should be at the top of your website plan. It’s important when you do make the move that you’re prepared to manage the risk involved and have experts on hand to guide you along the right track.
When you make the move, you may see a small ranking boost, however, don’t expect to automatically jump to the top of the search results. To put it in perspective, currently, the HTTPS ranking signal carriers less weight than high-quality site content so make sure you work out your online priorities for your website and budget.
If you are considering making the move to HTTPS now or in the near future (highly recommended) and would like further advice from an SEO perspective, please contact us online.