Using the HTTPS protocol to secure your business website is becoming increasingly important, providing assurance to visitors and a potential improvement in search visibility. Here we explain what HTTPS does and how to migrate your site.
As a business or website owner you have a responsibility not only to protect yourself but also the visitors to your website. As well as storing any user and order details securely, any communication through the website also needs to be secure as insecure connections can be intercepted and even modified by a malicious third party.
The easiest way to protect the traffic to your website is using the HTTPS protocol. The majority of websites today still use the traditional HTTP unsecured protocol, in fact, only 0.1% of websites online today are using HTTPS.
That is not many websites and it reflects the current issue with the internet and how vulnerable people are online, especially those that are less familiar with how hackers work and what makes a website or connection secure.
So what is HTTPS exactly?
There are plenty of articles online to explain this and Google’s own tips are a great place to start. Essentially, HTTPS is comprised of the traditional HTTP connection which is then encrypted using TLS (Transport Layer Security). As Google states, there are three core benefits that HTTPS provides:
Encryption: The data is sent and received in an encrypted format, so that third parties can’t listen in or steal data such as the username and password you enter on a website
Data integrity: This ensures that the data to and from the browser is not modified or corrupted, and detects if issues have occurred
Authentication: This ensures that you are communicating with the website you were intending to communicate with
These are mainly the technical and security benefits but there are also direct benefits to a business associated with a move to HTTPS.
How HTTPS helps your business
There are two main ways that having your website address prefixed with HTTPS instead of HTTP helps your business.
Firstly, a secure connection gives visitors to your website increased trust and confidence in your website when interacting or buying through it. Most experts in the lead generation b2b industry classify this as one of the most important methods of increasing lead generation. A secure website can and will lead to increased sales or leads. This is especially true in Google Chrome, the most popular browser, which will soon start flagging unsecured login pages as “Not secure”.
Eventually Google will roll out this notification to all pages on websites still using HTTP which could further negatively impact sales and leads.
And, the second main benefit to a business is that Google now applies a search ranking benefit to HTTPS sites. When Google first announced this benefit we tested it on some sites but we didn’t see any corresponding ranking benefit. However, in more recent transitions to HTTPS we have seen the benefit applied to the website’s rankings. The ranking benefit is very real:
Note, however, that ranking increases vary from keyword to keyword and it really depends on the competition in the search results. It doesn’t appear to be a very strong positive ranking signal, but it’s definitely a signal and it helps to improve overall rankings.
Where to begin to enable HTTPS on your website
There are so many guides out there to help you move your website to HTTPS and often they can be quite confusing, especially when the articles become unnecessarily technical.
What you will need are the following:
A web server (host) that can accept secure connections. Most hosts will have enabled this already
A security certificate. You will need to buy this, usually from your host, or you can get a free one from Let’s Encrypt
An hour or so to update your website and other resources accordingly, depending on the size of your website.
Let’s look at each of these in turn.
Website hosts like 123 Reg, GoDaddy and 1&1 generally already have their servers configured to accept secure connections. This shouldn’t be a concern, but it’s worth checking first in case you’re on an old server which isn’t.
Then you need to buy your security certificate. I often feel that this is an area that causes the most stress! For simplicity of implementation, the first port of call should be your web developer. They should be able to advise you where to buy it and how to get this configured on your server for your website. A certificate can typically cost £5 to £10 per month.
There is the possibility of installing a free certificate from Let’s Encrypt, which is an online initiative to prevent the cost of a certificate stopping people or businesses from being able to secure their websites. It does require some technical knowledge to implement and it needs updating every 90 days, so it’s probably best if it’s done by a web developer.
Some host companies, such as Siteground, pre-configure websites on their servers with free Let’s Encrypt certificates, which means it’s all done and you don’t have to do anything apart from make your website default to HTTPS. This is very handy indeed and it would be great if more hosts did this.
Other hosts, such as GoDaddy, Hostgator and 1and1, have options to buy and install certificates directly through them. This is often the easiest route to get the certificate installed if you are doing it yourself.
You should start by checking what products your host company offer for installing and configuring the certificate on the server for your website. Note that they are often called SSL Certificates.
In terms of certificates and how to configure them it’s worth checking Google’s tips again.
I have my HTTPS certificate, what now?
Once you have your certificate installed on your server you should now be able to access your website with HTTPS in front of the website address, such as:
Now you need to take some additional steps to complete the transfer and preserve your Google rankings:
All traffic to the HTTP version of a page needs to be 301 permanently redirected to its HTTPS equivalent. For most websites, a simple bit of code in the htaccess file like this will do the job:
RewriteEngine On
RewriteCond %{HTTPS} off
RewriteRule (.*) https://%{HTTP_HOST}%{REQUEST_URI} [R=301,L]
This is quite a technical change and it’s key that it’s implemented 100% correctly. Without this it could significantly impact the rankings of a website.
Update all hard coded internal links to use HTTPS instead of HTTP, including canonical tags, hreflang tags, images and sitemap. With most CMS systems, such as WordPress, you can install a ‘Find and replace’ plugin to look for “http://www.azoora.com” and replace it with “https://www.azoora.com”. CAUTION: There is no undo function when performing a find and replace like this so you need to ensure you do it correctly. It’s always wise to make a backup of the website before doing this! You may need your developer to assist you with this
You may need to adjust the website setting in the CMS, such as these in WordPress:
If your website is pulling in scripts, such as javascript files, from external sources, these all need to be HTTPS too as just one unsecured HTTP connection will make the entire website unsecure
Go through the website and check everything! Ensure that the browser shows the website as secure and that there aren’t any non-secure resources causing an issue. In Chrome you will see this in the browser bar if there’s an issue:
In Google Analytics you will need to update the default URL to be the HTTPS version of your website as well as any Google Adwords campaigns and in Google My Business. You should update any other paid media, email marketing and social media accounts at this stage. Note that sometimes the social sharing buttons on your web pages may show zero likes when you change to HTTPS as some networks treat them as new pages. There are some hacks around this but it’s often more hassle than it’s worth
Making post-HTTPS migration check
That may all seem quite a lot to go through, but the most time-consuming aspects are changing the internal links, ensuring all resources are HTTPS and getting the redirects set up and working.
However, what happens after all of this is even more important. Over the next couple of months as Google picks up the redirects and starts ranking the HTTPS pages, you will need to be monitoring your rankings across the board and checking for any errors in search console. Errors should be addressed straight away.
Keep looking in Search Console at least two or three times a week for any messages or errors and if you see any significant shift in rankings, traffic or conversions then go back through the list above and ensure everything is set up properly.
If you do run into any problems you can always post your questions on UK Business Forums as there are some very experienced people there who will be able to advise and help you.
So, as you can see, it’s not that complicated to transition your website to HTTPS. I would definitely recommend that all businesses move to HTTPS this year, so plan to do this in the coming weeks and enjoy improved Google rankings and hopefully increased sales and leads!
Incredible points. Great arguments. Keep up the great spirit.
Thanks for the compliments. 🙂
Thank you for any other informative website. Where else may I get
that type of info written in such an ideal approach?
I have a project that I am simply now running
on, and I have been at the look out for such info.
Hello I am so delighted I found your site,
I really found you by mistake, while I was searching on Askjeeve for something
else, Regardless I am here now and would just like to say kudos for a incredible post and a
all round exciting blog (I also love the theme/design), I don’t have time to go
through it all at the minute but I have bookmarked it and also added in your RSS feeds, so when I have time I will be back
to read a lot more, Please do keep up the superb job.
Hello! This is my first visit to your blog! We are a team of volunteers
and starting a new project in a community in the same niche.
Your blog provided us valuable information to work on. You have done a outstanding
job!
Excellent article. Keep posting such kind of information on your page.
Im really impressed by it.
Hello there, You have done a fantastic job. I’ll definitely
digg it and individually recommend to my friends. I’m sure they’ll
be benefited from this website.
Useful information. Lucky me I found your website by chance, and I am stunned why
this coincidence didn’t took place earlier! I bookmarked it.
Howdy, i read your blog from time to time and i own a similar one
and i was just wondering if you get a lot of spam responses?
If so how do you protect against it, any plugin or anything you can advise?
I get so much lately it’s driving me crazy so any help is very much appreciated.
A person essentially lend a hand to make critically articles I’d
state. This is the very first time I frequented your website page and
so far? I surprised with the analysis you made to create this actual submit extraordinary.
Wonderful task!
I like it when folks get together and share ideas.
Great blog, keep it up!
Hi! Do you know if they make any plugins to protect against hackers?
I’m kinda paranoid about losing everything I’ve worked
hard on. Any suggestions?
6) Anantha Samapatti (Merging with the Infinite):
I’ve been browsing online more than three hours today,
yet I never found any interesting article like yours.
It is pretty worth enough for me. Personally, if all website owners
and bloggers made good content as you did, the net will be much more useful than ever before.
Hello! I know this is kind of off topic but I was wondering if you knew where I could locate a captcha plugin for my comment form? I’m using the same blog platform as yours and I’m having difficulty finding one? Thanks a lot!|
Hello Sharron,
We are happy to help our readers in any matters regarding our blog. So, you want to have a WordPress Captcha Plugin for Comments Form, I request you to check one of our articles regarding your question, you will definitely find a solution there.
Link: Top 10 Free WordPress Captcha Plugins (2019)
Thanks and have fun blogging.
This is very interesting, You are a very skilled blogger. I have joined your feed and look forward to seeking more of your magnificent post. Also, I’ve shared your web site in my social networks!|
Thank you very much, 🙂
Excellent way of telling, and nice piece of writing to get information about my presentation focus, which i am going to deliver in academy.|
Aw, this was a very good post. Taking the time and actual effort to create a
very good article… but what can I say… I procrastinate a lot
and don’t seem to get anything done. and i working for thue
may chu du lieu
I have read several good stuff here. Definitely worth bookmarking for revisiting.
I wonder how much attempt you place to make such a magnificent informative site.
and i working for thue may chu cloud
Hi there, I enjoy reading all of your article post.
I like to write a little comment to support you.
It’s nice to hear that you like our articles and you can ask anything regarding the articles, thank you!
Greetings from Ohio! I’m bored to tears at work so I decided to browse your site on my iphone during
lunch break. I love the knowledge you present here and can’t wait to take a look when I get home.
I’m shocked at how quick your blog loaded on my cell phone ..
I’m not even using WIFI, just 3G .. Anyhow, amazing site!
Hmm is anyone else experiencing problems with the pictures on this blog
loading? I’m trying to find out if its a problem on my end
or if it’s the blog. Any feed-back would be greatly appreciated.
Good article. I am dealing with some of these issues as well..
I’ve been exploring for a little bit for any high quality
articles or blog posts on this kind of area . Exploring in Yahoo I finally stumbled upon this site.
Studying this information So i’m happy to express
that I have a very just right uncanny feeling I found out just what I needed.
I most for sure will make certain to do not
overlook this web site and provides it a glance regularly.
I am extremely impressed with your writing skills as well as with the layout
on your blog. Is this a paid theme or did you modify it yourself?
Either way keep up the nice quality writing, it’s rare to see a nice blog like this one
today.
Hello there, I found your blog using Bing Search. This is a very well written article. I will make sure to bookmark it and return to read more of your useful info. Thanks for the post. I will definitely comeback.
These are actually impressive ideas in concerning blogging. You have touched some nice things here. Any way keep up writing.
“We absolutely love your blog and find the majority of your post’s to be just whatI’m looking for. can you offer guest writers to write content foryourself? I wouldn’t mind creating a post or elaborating on a few of the subjectsyou write related to here. Again, awesome web log!”
Very good article. I am facing some of these issues as well..