September 10, 2018 | Sarah Danks
Have You Switched to HTTPS Yet?
Up until somewhat recently, most websites across ye olde Internet were HTTP, or HyperText Transfer Protocol. HTTPS simply stands for HypterText Transfer Protocol Secure…
…but how big of a difference can one little ‘S’ be?
Even for people who’re online every day, it might not be easy to understand the ins and outs of HTTP vs HTTPS — much less any reason whatsoever anyone should give a hoot about it. A couple years ago Google said websites using HTTPS would get a slight boost in organic search results, but who cares about that, right?
Migrating a website over from HTTP to HTTPS can be a major PITA — in spite of the fact it’s only a one-letter difference — and many companies opted not to create the headache and heartache of making the switch just for some (slight) ranking edge.
But fast forward to over halfway through 2018, and we’re kind of programmed to see what Google wants us to see, especially when it comes to security. As a marketer myself, I still pause with my fingers poised over the keyboard, not quite certain if I want to proceed with my transaction because I see the website I’m on isn’t HTTPS:
In this case, I was setting up my online account for the new trash service, which meant in a couple steps I was going to be putting in my credit card information for recurring payments…
…and already I’m staring “Not Secure” in the face. Yikes. Doesn’t instill much confidence in this business keeping my very vital banking information secure.
Which begs the question — should everyone switch to HTTPS, or is it only necessary in certain cases?
Should You Change Over to HTTPS?
As ever, I’m a huge proponent of putting your users first. Think about how your visitors will feel if they come to your site and see “Not Secure.”
Still not sure if it’d behoove you to switch over from HTTP to HTTPS? Think of it this way: Will doing it — or not — have a detrimental effect on your bottom line? If so, then make the switch. If not — if your visitors don’t care, or it’s not that type of website (where people input vital information), and it’s going to be a huge deal to switch everything over — then don’t.
That said, eventually it’ll most likely be “required” by Google to have HTTPS in place:
“(HTTPS) protects the integrity and confidentiality of data between the user’s computer and the site…we encourage you to adopt HTTPS in order to protect your users’ connections to your website, regardless of the content on the site.”
With ever-increasingly clever ways to hack into people’s personal information, it’s important to be as secure as you can, especially when your website’s visitors are giving you important information. HTTPS offers a three-level protection known as Transport Layer Security (TLS) that HTTP just can’t boast:
- Encryption: kind of like obfuscating your email address in contact forms, encryption ensures that no one else can “see” what users are doing when they’re behind the protective layer of TLS.
- Data integrity: when information is transferred from one place to another across the Web is when hackers can jump in and get it the easiest — kind of like robbing the van that’s carrying the bank’s money instead of holding up the bank instead.
- Authentication: this staves off “man-in-the-middle attacks,” wherein a hacker can basically insert him (or her) self into an online conversation to intercept messages and pretend he’s one party or the other.
But making the switch isn’t as easy as flipping a switch.
Changing over to Hypertext Transfer Protocol Secure
Yes, making the move from HTTP to the secure version is important, and if you’ve got someone technical on your team, it shouldn’t be a huge ordeal…
…but even so, there are a lot of steps that need to be taken to ensure it’s done properly. In a nutshell, here’s the 30,000-foot view of how you change from HTTP to HTTPS.
Crawl the website
So many people think the first step in switching to HTTPS is getting a certificate — and that’s great. But, before making ANY major changes to any website, please crawl the entire existing site. Map it out (again, since it already should be), and assess anything that’s broken, missing, etc. Make sure any issues are taken care of before you start any kind of migration.
Having the website perfectly in order before making any major domain or security changes is paramount to the success of the effort you’re making.
PS: We absolutely love Screaming Frog for all our crawling needs.
Get a security certificate + install it
Now you can focus on this important step. You’ll need to acquire an SSL certificate and install it on the server. This part can vary depending on the hosting environment you’re using.
First things first. Why do you need an SSL certificate? Because it’s the key that unlocks the ability to use HTTPS. Via GoDaddy, an SSL (Secure Sockets Layer) certificate authenticates the identity of a website and encrypts all its data on the server. Encryption is when the data gets scrambled into an undecipherable format that can only be returned to a readable format with the proper decryption key.
We normally use GoDaddy for hosting; we activate the security certificate (and which level of security) we desire. From there, we have to verify that we own the domain before anything else can happen. GoDaddy then will send an email with a long “key” that we upload into the root of the website files. Once the file is uploaded, we go back to GoDaddy to let them know we’ve been verified. The certificate is live within a handful of hours.
That is one of the easier processes. With our other account, Pair, we actually have to give up our clients’ firstborn to get that SSL activated. So, it’s a bit more of a process over there, but once the ball’s rolling it’s somewhat similar.
Not to be snarky, but you’ve got to make sure you update all references within the database before you can expect things to work and be all hunky-dory. Here are the major items to check off your list of updates:
- Canonical tags
- hreflang tags
- Internal links
- Image paths
Don’t forget, a changeover to HTTPS means a new “address” for every single web page. Now, these days a lot of the aforementioned changes can be managed right within most content management platforms, but not always, so make sure you check before you assume.
Contained within this “step” is making sure you change any CMS-specific settings that need it, including updating URL settings. Making sure HTTPS is supported across the website (including all the nooks and crannies of your content management system) is the difference between having issues after going live and everything running smoothly.
Push it live
Did you do all the things listed above? Yes, I realize it’s a very broad strokes type of checklist, and there are nuances within each tiny aspect, but still. Check your list, twice, then push the “new” website live. Voilá!
Of course you’re not going to use this generic list to actually switch over to HTTPS; if you’re looking for step-by-step instructions, check out this resource.
But again, all this hoopla and some business owners are still wondering if it’s worth it to make the switch. Whenever I get in a tizzy about a decision, I make a pros and cons list.
Pros & Cons of Moving to HTTPS
There are good and bad sides to just about every decision ever made, and it’s no different with switching your website from HTTP to secure. Here are a few things to think about on both sides of the coin:
Ranking boost — The Google says They want HTTPS, they’ll of course favor those websites using it, which will give a slight edge SEO-wise to those sites using it.
Piggybacking on that, it could very well become required by Google to use HTTPS in the not-so-distant future.
Users love it — there’s nothing like the warm and fuzzy feeling that comes from seeing that little padlock at the top of the screen. Knowing their information is secure and won’t get stolen — whether it’s as über-sensitive as banking data or as simple as login credentials — will keep web visitors coming back to your site.
Security — along with making users feel their information is safe, with the layer of protection offered by HTTPS, you can be sure any data changing hands is going to be safe, and can’t be hacked by a third party waiting in the wings.
If you do it wrong, you could start over in the search engines. You could also end up with two websites — i.e., separate HTTP and HTTPS versions of it. Read: duplicate content.
You could end up with a site that doesn’t support HTTPS if you miss steps in the switchover process.
You could technically err and slow down your site speed, which will affect your search engine performance (because users hate slow load times, ipso facto so does Google).
In spite of the simple “steps” and breezy list I’ve thrown together here of how to change over to HTTPS, it’s a somewhat technically advanced change; it’s not something I’d be able to do. It takes time, and someone who knows what they’re doing. Time is money, so if you’re busy with client work this process can take resources away from the bottom line.
And, speaking of the bottom line, it can be spendy to purchase the SSL certificate. GoDaddy seems reasonable but that ching can add up, especially for small businesses.
While it seems that con list is far longer than the pros, consider the importance of those few good factors, especially the fact that Google really (really) likes sites that use HTTPS. After all, it’s all about pleasing users, and they want to know the information they’re sharing on the web is safe and secure.
There is a lot more work than I’ve outlined here when changing your website from HTTPS to HTTPS; choosing whether or not to make the switch is up to you but remember to keep these things in mind:
- While there are pros and cons, the good that will come from changing over far outweighs the bad
- The slight ranking boost awarded to HTTPS sites can give an edge over competitors not using it yet
- It’s a technically involved process; be sure someone who knows what they’re doing is in charge
- Purchasing the SSL certificate can be spendy
Making the switch from HTTP to HTTPS is time-consuming, needs to be done correctly so as not to work against you, and can be expensive. But it’s also increasingly important to project security and discretion to your web users so they’ll keep returning.
Plus, one can’t forget that Google condones those sites that use HTTPS — that alone should be reason enough to switch, since it could very well come to pass that it won’t be that HTTPS sites get a boost of credibility, but that HTTP sites will get a strike against them.
So, there you have it (in a big ol’ nutshell): the why, what and wherefore of HTTPS. But, ultimately it’s up to you whether or not you want to switch! (Hint to my garbage company: you should definitely make the change.)