Back in the old days, HTTPS was either for payment pages or login areas of websites.
Things have moved on since then and these days HTTPS is increasingly used for entire websites.
What’s driving this switch?
Why Switch to HTTPS?
Well in part it’s due to Google’s drive to make the web safer. They don’t often tell us what their ranking algorithm consists of but in August 2014 they clearly stated that HTTPS is a Google ranking factor.
You would have thought that businesses would be falling over themselves to switch to HTTPS but research showed that less than 3% of key UK B2B sectors had actually made the switch.
So what’s holding them back? It could be lack of knowledge of HTTPS – people have enough on their plates running their businesses.
Or maybe it’s fear that they’ll make a mistake or mess up their current rankings.
Whatever the reason the direction of travel is clear – HTTPS is increasingly the basic table stakes. You’re going to have to make the switch sooner rather than later so you might as well grasp the nettle.
So that’s what this post is about. We’ve helped hundreds of businesses make the switch to HTTPS and here’s the step by step process.
What is HTTPS – How Does It Work?
Before we look at the nuts and bolts of switching let’s quickly understand what HTTPS and how it works.
HTTPS is the Secure version of HTTP which is the standard protocol used for browsing websites.
The problem is that HTTP traffic can be intercepted so it’s not recommended for passing sensitive data like payment information or login credentials.
That’s where the ‘S’ for ‘Secure’ comes in. The way it works is that it creates an encrypted and impregnable link between the web server and the browser viewing the website.
In order to set this up you’ll need an SSL Certificate (SSL = Secure Sockets Layer).
Types Of SSL
There are all sorts of SSLs and they are issued by different companies. Some are free, some are paid, some work on one domain others for several but essentially they all work in the same way.
These enable you to have HTTPS and are often referred to as the padlock area of a website.
You don’t get more security for more money. Rather you get more features or a more rigorous verification process before the certificate is issued.
Here are some of the main types you’ll come across:
- Free SSL – This type of certificate is often issued for free by web hosting companies. There are some limits such as you need to manually renew it every three months so it’s more of a Freemium option.
- Domain SSL – Most common form of SSL. The cheap and quick issue with limited administration and no paperwork involved but can only be used on one domain.
- Wildcard SSL – Same features as Domain SSL but with the added advantage that can be used on subdomains of the main domain.
- Organization SSL – Enhanced option SSL which requires verification of the business and is issued in 1 to 2 working days.
- Extended SSL – Premium SSL requiring strict ownership and physical presence verification and is issued within 3 to 4 working days. Full green browser bar with company name showing.
Buying & Installing An SSL Certificate
You can buy your SSL from a specialist SSL vendor or from your hosting company.
There is some verification that’s required but it’s pretty straightforward and they will be able to help you do that. As a minimum, you’ll need to verify the certificate by email before it’s issued.
Once you have the certificate code your host will be able to help you install it.
Now you just need to follow the steps below for a hassle-free switch to HTTPS.
Step 1: Perform A Full Backup
Don’t leave anything to chance. Make sure you have a full backup of your site before you do anything.
If you use a control panel like cPanel there’s a backup manager to help you but if in doubt contact your hosting company to help you.
Step 2: Update Your Internal Links
Next, you need to run through all the internal links in your website and switch them from HTTP to HTTPS.
This is to avoid any possibility of getting crawl issues for SEO such as 404 errors (page not found).
On smaller websites, this is a pretty straightforward task that can be performed manually by an experienced designer in no time.
If you have a large site with dozens or hundreds of pages then you’ll probably want to invest in some tools that can make bulk changes.
Step 3: Update External Links You Control
If there are links that you control such as from Social Media profiles, Directory Listings or other websites you own you should take the time to update the URLs from HTTP to HTTPS.
Step 4: Setup 301 Redirects
A 301 redirect is the standard way of permanently redirecting traffic from one URL to another.
In this case, we want to redirect any HTTP traffic to your site to the equivalent HTTPS link.
If you’re hosted on Linux servers, for example, you would just need to make changes to the htaccess file.
If that all sounds like technical gobbledygook to you then it’s best to hand that over to a professional web developer, but don’t worry it’s not a huge job.
Step 5: Update CDN SSL (Optional)
This step only matters if you are using a Content Delivery Network (CDN) like eg: CloudFlare.
If you’re not sure just ask your hosting company or Developer.
If you are you’ll just need to contact the CDN support team for specific instructions on how to update this.
Step 6: Update Tools and Transactional Emails
Often a website will be surrounded by a plethora of different tools. Just make a list of all the tools you use then login one by one and check if you need to update the URL from HTTP to HTTPS.
Likewise, if you send out emails from your business that include links then make sure to update these.
This could be Transactional emails like invoices for example where maybe you include a link to a login page or Client Area.
Sure the 301 redirect will already have set up the redirection so they wouldn’t get an error using the old link but it’s belt and braces – it just looks more professional.
Step 7: Landing Pages & Paid Search
Are you using Paid Search like Google Adwords or Facebook Ads?
If you are, check that any landing pages you are using are set up as HTTPS. The last thing you want is to be spending your budget on traffic that’s being sent to the wrong pages.
Step 8: Google Analytics & Search Console Updates
Finally, make sure that you let Google know that you’ve switched.
That means updating Google Analytics and Google Search Console.
In Analytics that means switching the Default URL to HTTPS and in Search Console you need to submit the new HTTPS site and re-submit your sitemap.
Again, if you are unsure ask an experienced Developer but this is straightforward stuff.
HTTPS is increasingly the basic price of entry these days and is being encouraged by Google. Failure to switch could harm your search rankings so it’s a question of when not if you switch. SSLs are cheap and easy to install. When you switch to HTTPS be sure to update your internal and external links, set up a 301 redirect and update your Google properties.
Author Bio: Tony Messer is the Founder & CEO of UK web hosting company Pickaweb. Tony is an expert in online marketing and has helped thousands of business owners to get online, get found and get more customers. Tony is the author of a 5 Star Amazon Rated book “The Lazy Website Syndrome” and speaks regularly at business events.