In 2014, the Internet’s security suffered one of its biggest vulnerabilities: the Heartbleed bug. This bug could allow anyone to read information protected by SSL/TLS (e.g. a server’s password), which in some cases could grant access to an entire website’s back-end data.
This prompted Google to make HTTPS a ranking signal, which would provide sites with stronger data encryption that would be much less vulnerable to bugs like Heartbleed. And so the migration en masse from HTTP to HTTPS began.
As part of Google’s battle for promoting and encouraging more secure websites, in 2018 we will undergo two further turning points: in July with the release of Chrome 68, the web browser will mark all HTTP sites as “not secure”, and with Chrome 69, due for release in September, the green padlock will be grey and the “secure” message for HTTPS sites will disappear.
Eventually, the padlock will be removed too, and only non-secure sites will be signposted.
If your website is not HTTPS yet, keep reading; we will be talking about how exactly HTTPS will make your site more secure, we will give you 5 reasons why you should switch, and finally a useful check-list for an easy transition.
What is HTTPS?
HTTPS is a method for encrypting information that is shared between a browser and a web server. Prior to HTTPS, any information entered on a website, e.g. via a form, payment card method, etc., could be accessible by hackers, making users vulnerable to threats like phishing.
The addition of SSL to HTTP, or what we know as HTTPS, adds a security layer to the transmission channel of the data. In other words, HTTPS acts like a shield that hackers are unable to penetrate and, therefore, your data remains safe.
- Your site will be secure: HTTPS protects your users and your information.
- The addition of the “Not Secure” label will act as a deterrent for users, which can affect your conversions.
- It’s good for SEO. Google’s algorithms rank websites that use encryption higher.
- Google’s AMP requires HTTPS. Recently, Google developed AMP (Accelerated Mobile Pages), which is increasingly used for optimising websites for mobile. AMP speeds up the loading time of sites and has proven to improve search ranking.
HTTPS migration steps guide
At Skyron we have helped our clients migrate from HTTP to HTTPS, and from experience we have compiled the following list of steps that will help you with a smooth transition:
1. Buying an SSL Certificate.
There are three types of SSL certificate. Once installed, a certificate activates the HTTPS protocol, establishing secure connections between the web browser and the server:
Domain validation (DV SSL): The Certificate Authority (CA) will check only your right to use the domain name. This is the fastest option if you need your certificate to be issued immediately.
Business/Organisation Validation (OV SSL): the CA will check your right to use the domain name and verify some information about your business as it will provide users with additional information about your organisation. OV SSL certificates can be issued in 1-3 days but provide a higher level of security.
Extended Validation (EV SSL): the CA will check your right to use the domain name and conduct a thorough vetting of your business, including, for example, the verification of legal, physical and operational existence and identity of yourself and your organisation. EV SSL certificates can be issued in 2-7 days, but provide a higher degree of trust and security as they prove the validity and legality of your organisation.
2. Installing your SSL Certificate on your server.
Contact your hosting service provider as they will be able to take care of this step. If, however, your website is not hosted at present and you are looking for someone to securely do this for you, get in touch with us.
3. Check for any hardcoded links and update them to HTTPS.
4. Double-check for any third-party links that may still be HTTP.
5. Add new 301 redirects or verify existing ones.
A 301 redirect is a permanent page redirect that will ensure that when users land on your pages they will be taken to the new URL, and it is considered the best method for implementing redirects on websites.
6. Verify your robots.txt file.
The robots.txt file indicates what parts of your website should and shouldn’t be crawled, so you need to make sure that it is pointing to the correct HTTPS files and that it won’t be blocking any HTTPS requests.
7. Add a “canonical link”.
The rel=canonical element prevents duplicate content issues as it will tell search engines what version of the content over similar URLs is the preferred one. After your migration to HTTPS it will ensure that search engines are pointing to the HTTPS version.
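The checks in steps 3, 4, 6 and 7 can be automated. The script below is an added example, not part of Skyron's original guide: it scans a page for hardcoded http:// URLs, confirms the canonical link uses HTTPS, and lists robots.txt Sitemap entries still on HTTP. The sample HTML, the robots.txt text, the example.com/example.net hosts and all function names are constructed for illustration.

```python
from html.parser import HTMLParser

URL_ATTRS = {"href", "src", "action", "data", "poster"}  # attributes that carry URLs

class MigrationAudit(HTMLParser):
    """Collects hardcoded http:// URLs and the canonical link from one page."""
    def __init__(self):
        super().__init__()
        self.insecure = []    # (tag, attribute, url) for every http:// reference
        self.canonical = None

    def handle_starttag(self, tag, attrs):
        attrs = dict(attrs)
        if tag == "link" and (attrs.get("rel") or "").lower() == "canonical":
            self.canonical = attrs.get("href")
        for name in URL_ATTRS & attrs.keys():
            url = (attrs[name] or "").strip()
            if url.lower().startswith("http://"):
                self.insecure.append((tag, name, url))

def audit_page(html):
    """Steps 3, 4 and 7: leftover http:// links and the canonical URL's scheme."""
    parser = MigrationAudit()
    parser.feed(html)
    parser.close()
    ok = bool(parser.canonical) and parser.canonical.lower().startswith("https://")
    return {"insecure": sorted(parser.insecure),
            "canonical": parser.canonical, "canonical_ok": ok}

def audit_robots(text):
    """Step 6: return Sitemap entries in robots.txt that still point at http://."""
    stale = []
    for line in text.splitlines():
        field, _, value = line.partition(":")
        if field.strip().lower() == "sitemap" and value.strip().lower().startswith("http://"):
            stale.append(value.strip())
    return stale

# Constructed sample inputs (not taken from a real site).
SAMPLE_HTML = """<head><link rel="canonical" href="http://www.example.com/shop/">
<script src="http://cdn.example.net/lib.js"></script>
<link rel="stylesheet" href="https://www.example.com/site.css"></head>
<body><img src="/logo.png"><a href="http://www.example.com/contact">Contact</a>
<form action="https://www.example.com/pay"></form></body>"""
SAMPLE_ROBOTS = "User-agent: *\nDisallow: /admin/\nSitemap: http://www.example.com/sitemap.xml\n"

if __name__ == "__main__":
    print(audit_page(SAMPLE_HTML))
    print(audit_robots(SAMPLE_ROBOTS))
```

Relative URLs such as /logo.png are not flagged because they inherit the page's scheme; only absolute http:// references need updating.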
And don’t forget to…
- Update your HTTPS URL in Google Analytics.
- Add a new property in the Search Console, resubmit the sitemap and the disavow file.
- Check any third party PPC URLs (Adwords).
- Update any URLs in your email marketing, social media links, and external links and backlinks.