Understanding what HTTPS, the impact it has on your site and how you can do the migration
In a previous post, we discussed HTTP vs HTTPS – SSL certificate impact on search engines (ssl seo impact). We looked into the reasons why the HTTPS migration movement is gaining traction and why it is becoming crucial to keep your website visitors safe and improve your SEO at the same time. As a progression from that article, Google Chrome (Download Google Chrome) has now indicated that they will start implementing steps to make the web a secure place.
Earlier this year Google Chrome made an announcement that they were taking additional steps in securing the web – “For the past several years, we’ve moved toward a more secure web by strongly advocating that sites adopt HTTPS encryption. And within the last year, we’ve also helped users understand that HTTP sites are not secure by gradually marking a larger subset of HTTP pages as “not secure”. Beginning in July 2018 with the release of Chrome 68, Chrome will mark all HTTP sites as “not secure”.
This statement has set the tone that security is everything and if website’s and webmasters do not comply with these notices and warnings, that they will be disadvantaged. That being said, there has been a large HTTPS migration with the below statistics being released:
- Over 68% of Chrome traffic on both Android and Windows is now protected
- Over 78% of Chrome traffic on both Chrome OS and Mac is now protected
- 81 of the top 100 sites on the web use HTTPS by default
If you are not sure if your website is secure, then you can visit one of the resources Google has made available on how to check if a site’s connection is secure.
Some valuable insight was also provided at the end of 2017 by Search Engine Journal into the state of HTTP, what it means and what its adoption rates are.
What is the new Chrome browser going to look like?
Currently, browsers are still showing the green padlock for correctly secured websites, however that is going to change.
They have indicated as of July 2018 that they will add a “Note secure” label in front of an unsecured domain, with the eventual goal that those tags will be red – highlighting the fact that this is in unsecured website.
At the same time that changes are being made to highlight the bad, Google Chrome is phasing out the green secure padlock in favour for a plain url as it believes secure sites should be the norm. Instead of highlighting secure sites, it will start placing a much heavier visual weighting on non-secure sites. This will force webmasters to understand HTTP vs HTTPS and ensure that their website are all encrypted will SSL certificates.
Google also provides some valuable insight into how website owners and webmasters can avoid the non-secure warning in the Google Chrome browser.
Why is there a push to migrate to HTTPS?
So, the one big question that needs answering is “Why do I have to migrate to HTTPS?”. It is one thing to say that this is what needs to happen and what is going to become the new norm, but it is important to understand why.
According to Google there is one core reason why this movement is taking place – security. Within the realm of security there are three main benefits attached to HTTP to HTTPS migration. These include:
- Privacy: When your information and data (both sending and receiving) is encrypted then it means that no third party can dial in and listen to your conversations, track your activities, or steal your personal information.
- Data integrity: When unsecured data is sent and received over the web then it stands the chance to be altered. With HTTPS, modifying or corrupting data during the transfer process will cause an error in decryption of the encrypted file(s).
- Authentication: When files are Successful decryption proves that you are communicating with the genuine site, preventing “man-in-the-middle attacks” and building user trust.
How do you migrate a website from HTTP to HTTPS?
First and foremost, the platform your website is running on needs to be taken into consideration. If you have a custom coded website then the process is more complicated, but if your website is built on a platform such as WordPress then the process is simplified.
Search Engine Journal provide an in-depth step-by-step guide on how to migrate your WordPress website to HTTPS, but we will also be giving you a quick overview to show that the task is not as daunting as it may seem.
Steps to succeed with your HTTPS migration:
As with any major ‘operation’ on your website, before you start any ‘procedure’ you need to make a complete backup of both the files and database. Should something go wrong you will need these files to restore the website back to the way it was. These steps are mainly geared towards the migration from http to https wordpress.
1. SSL Certificate installation
Prior to taking any action on your website, you will first need to order, pay and install your SSL certificate on your server. If you host your own website then you would need to order directly from the SSL certificate providers and install it. If you are hosting your website with a hosting company then you can contact them and they should give you different certificate options to choose from. Once paid and installed your website will be ready for editing to become secure.
2. Search and Replace http with https
One of the main reasons a website will continue to display as unsecured after a security certificate has been installed is that the website is still rendering non-secured resources over http. WordPress has a range of plugins that do a great job of forcing a https connection and changing all the resources from http to https. However, more often than not there are resources that have been custom coded or that are embedded within a theme that would require manual updating. These can be found with a file search and replace on the server files and database. If the amount of http resources rendered are few then you can right click and view the page source. Once on the page source you can search for “http” and all resources will be highlighted. Those items can then be found and manually updated.
3. Add redirects
If you are using a plugin to facilitate the migration from http to https then most of this will be done automatically. It is still important for you to understand the importance of redirects on SEO and the role they play in https. As stated above if you use a plugin then this may happen automatically, but whether automatic or manual the same file needs updating, which is the .htaccess file. As this file is the heartbeat of your website we will not tell you what to put in, but would prefer that you contact us. If any mistakes are made in the .htaccess file then you can experience a fatal error. The redirects you want to be putting in place are to force the https command.
4. Change website name & URL
Once again, if you are using a plugin to facilitate the process then this may be done, but it is important to note that you will need to make sure that your website address and site URL are changed. This setting is found under the general setting tab in your WordPress backend. Once completed your details should look similar to the example below.
5. Change Google Analytics, Search Console & other tracking resources
Most tracking platforms track the specific URL that is provided to them. To ensure you are getting accurate data it is important to update all campaign URLs to the updated https version. In terms of the Google Search Console there is a more important reason to add this new website version and relates to duplicate content. Within the console you will add all possible variations and set your preferred version which Google will use for indexing. If a preferred version is not selected then websites run the risk of different versions being indexed and penalised for duplicate content. Lastly it is important to resubmit your website to the various search engine platforms to crawl and re-index the updated URL.
HTTPS migration – Conclusion
Google has now made it very clear that it has the full intention of converting the web into a secure space. It is important that online users become aware of what the new update looks like visually for both secure and unsecured websites so there are no surprises. It is also important for website owners and webmasters to understand why this is happening so they can buy in and contribute to a safer online environment. The last thing is that websites need to start making the move to migrate from HTTP to HTTPS as soon as possible, following a few key steps and processes.
One thing that has also become very important is that SEO professionals and webmasters start integrating security features into other search related activities such as on-page and off-page seo, optimised content and detailed reporting to achieve success. We all know search optimisation has evolved and is constantly changing. For this reason it is critical for all web users and contributors to be safe and smart.
If you have an old website with a large number of pages/articles then the process may be more laborious as it may be required to comb through old code and links. HTTPS migration seem like a daunting task and it can be if you are not familiar with the processes, but if you enlist the skills of a professional then you can comply with ease.
It is important to note that once the update rolls out in July 2018 that visibility unsecured website warnings may have a dramatic impact on website performance and results. This should be motivation enough to make the move and take on that ever elusive HTTPS migration.