This article talks about the importance of HTTPS and it’s placed in the online market. Not just for security but also for consumer trust.
5 minutes required reading time
By Kate Bartels / Digital Content Specialist.
In today’s digital world, being up to date with all the latest industry trends and updates is vital to staying ahead of the game. If there’s one aspect that’s more important than knowing how your consumers operate online, it’s creating a safe space with secure connections.
Lately, there has been a huge focus on data security and lots of people being sceptical of the way their data is used online. Controversies like the Facebook Cambridge Analytica incident means consumers have become savvy and are diligent about where they enter their details and even the sites that they visit.
Google set a deadline of July 2018 for your website to make the switch, so if you still aren’t using a secure HTTPS connection you could be in real trouble. Because of this, your site needs to be as safe and secure as possible. Not just to benefit your consumers, but for you as a business owner.
Switching your website from HTTP to HTTPS is something that began a few years back, but there are a significant amount of businesses that still haven’t made the switch. We are now at a time when making the switch isn’t just a recommendation, it’s necessary to meet Googles standards of what is recognised as a safe website and in turn, support higher rankings.
If you think your customers will overlook the fact that your website is unsecure, think again. Not only will they visit a competitor, but they are also likely to know that you are lagging behind when it comes to keeping up online.
What is the difference between HTTP and HTTPS?
The primary difference:
HTTP – Hypertext Transfer Protocol. Basically, this describes the protocol used to send data between a user’s browser and the site they’re connected to.
HTTPS – Hypertext Transfer Protocol Secure. As above, but secure. Messages between the browser and site are scrambled, so no one else can read them.
Why make the switch to HTTPS?
Google outline several reasons in their website migration guide. The web giant is heavily encouraging people to make the switch helping to make the internet as safe as it can possibly be.
Simply put, if your website isn’t HTTPS secure, Google Chrome will put the words ‘not secure’ text to your page, and it will also give preference to those that are secure.
All data sent using HTTPS is secured via Transport Layer Security protocol (TLS), which provides three layers of protection:
Encryption. Encrypting the exchanged data to keep it secure from eavesdroppers. This means that when the user is browsing a website, nobody can listen in, copy information or track their activity.
Data integrity. Data cannot be modified or corrupted during transfer without being detected.
Authentication. This proves that your users communicate with the intended website. Basically, it protects against man-in-the-middle attacks and in turn, builds trust with your users.
Simply speaking, having an HTTPS website is the difference between a secure check out for online shopping and a third-party stealing credit card details.
There is a range of other benefits like the Google ranking boost, which should be a priority for both business owners and SEO specialists alike. Google is beginning to focus in on ranking pages with a secure HTTPS network higher than those without, regardless of SEO practices or keyword optimisation.
Does HTTPS completely secure my website?
Although HTTPS is the safest option for a secure network, there are always threats online that we leave ourselves vulnerable to. It’s always best to be proactive and be aware of the following:
– Downgrade attacks
– SSL/TLS vulnerabilities
– Heatbleed, Poodle, Logjam, etc.
– Hacks of a website, server or network
– Software vulnerabilities
– Brute force attacks
– DDOS attacks
If this all sounds like another language to you, don’t fret. Our tech specialists at Adaptify Digital are ready to help you make the all-important switch.
Making the switch from HTTP to HTTPS
Here’s a very simple, easy to understand breakdown of the process:
– Start with a test server. This lets you sort out all the finer details and glitches without the website being live. Even if you are switching without a test server there isn’t much you can’t recover from, but it’s always best to get some practice in first and have it tested ahead of time.
– Make sure you’re across the current state of the website and are aware of what needs changing and tweaking.
– Get a security certificate. You can grab one from a whole heap of providers. Each server will have a different setup process, so make sure you do your research.
– Make sure all your references and mentions of the site in your content, images, links and scripts are replaced. You’ll want to update all references to internal links to use HTTPS.
– Update canonical tags. Most CMS systems will take care of this for you when you make the switch, but double-check because that’s not always the case.
– Check all your plugins, modules and add-ons to make sure that they don’t contain unsecure content – your new secure HTTPS site won’t like it.
– CMS-specific settings may need to be changed. For major CMS systems, these are usually well-documented in migration guides.
SORTING OUT THE DETAILS
It’s important to remember that this is a basic overview, and more specific tech-language steps need to be included to have a seamless switch to HTTPS
– Make sure any external scripts that are called support HTTPS.
– Update old redirects currently in place. Being proactive with this can be the main difference between high or low traffic and rankings.
– Crawl the old URLs for any broken redirects or any redirect chains
– Update sitemaps to use HTTPS versions of the URLs.
– Enable HSTS. This is important because it makes your website load faster and makes sure your browser is always using HTTPS.
– Enable OCSP stapling. This enables a server to check if a security certificate is revoked instead of a browser, which keeps the browser from having to download or cross-reference with the issuing certificate authority.
– Add HTTP/2 support.
– Update your search engine webmaster tools to recognise the HTTPS version of your site. This is important because traffic drops can be misdiagnosed when the traffic was just moved from an HTTP to an HTTPS page.
– Update the disavow file if you had one for the HTTPS version.
– Update your URL parameter settings if you had these configured.
– In your analytics platform, make sure you update the default URL if one is required to ensure that you are tracking HTTPS properly, and add notes about the change so that you know when it occurred for future reference.
– Update your social share counts. This can be overwhelming when it comes to reporting, but there is a ton of resources available to help you wrap your head around it.
– Update any paid media, email or marketing automation campaigns to use the HTTPS versions of the URLs.
– Update any other tools such as A/B testing software, heatmaps and keyword tracking to use the HTTPS versions of the URLs.
– Check, double check and triple check to make sure everything is running smoothly. The transition to HTTPS can be a bumpy road, so it’s best to expect challenges.
Common problems with HTTPS migrations
Of course, there are always going to be challenges and frustrations when you are switching over from HTTP to HTTPS. Some of the most frequent problems include:
– Preventing Google from crawling the HTTP version of the site or preventing site crawl in general. This usually happens with the test server fails to update.
– Content duplication with both the HTTP and the HTTPS versions appearing.
– Different versions of the page showing on HTTP and HTTPS.
Most of the issues you will face come from poorly implemented redirects, which is why tidying up all links, URL’S and the likes are so important before going live.
How can I make sure this doesn’t happen?
Be sure to check subpages, as well as the home page and just about every corner of your site that you can think of. Leave no stone unturned. Take the time to see what’s going on with these as far as the status codes and hops, not just whether they get you to the right page.
Simply put, HTTPS is not going away. HTTP/2, Google AMP and Google’s QUIC protocol all require secure connections for browsers to use them. The fact remains that HTTPS is being pushed hard by the powers that be, and it’s time to make the switch.
Most of the common problems stem from poor planning, poor implementation or poor tracking. If you follow the steps outlined, you should have little to no trouble when migrating from HTTP to HTTPS.