On February 8th 2018 Google announced that their Chrome web browser will now be marking all HTTP sites as "not secure" from July of this year.
Traditionally, only sites which held user data and processed payments (such as online shops/ecommerce websites) required an SSL certificate, but with Google, Firefox and many other companies campaigning for a secure web, SSL for other sites has gone from recommended (due to SEO benefits) to essential.
The Benefits of Switching to HTTPS
- Security: The most important reason to switch from HTTP to HTTPS is to prevent malicious attackers compromising sensitive information or performing other malicious actions. HTTPS ensures that communication between servers are from who they say they are, so it’s a good defence against "man-in-the-middle" attacks, ad injection malware, or traffic diversion code.
- Privacy: HTTPS helps against user-profiling through meta data generated by a user's web activity and helps with GDPR data protection compliance which comes into effect on the 25th of May 2018 in the UK.
- Brand Trust: With the changes coming into effect on Google Chrome in July 2018, having a green bar, padlock and statement that your site is secure can really help visitors trust your brand and website.
- Improved Search Rankings: Google announced in 2014 that HTTPS is a ranking factor for their search engine. Searchmetrics also carried out a study which showed positive ranking increases for 30,000 keywords they monitored.
Encryption Is Technically Demanding
Several webmasters reported a loss in rankings and traffic after migrating to HTTPS. This could be a reason for many to avoid the efforts of encrypting their own web project. HTTPS is associated with a lot of work, which is why Google announced to give webmasters sufficient time for migrating their site to a secure connection.
For those with technical experience and/or an interest in the work involved, Google provide some documentation on how to secure your site with HTTPS and site moves with URL changes. The basic tasks are as follows:
- Obtain a security certificate (SSL certificate).
- Set up redirects to ensure that all of your old HTTP pages redirect to the new HTTPS pages.
- Update all your internal links so that they point directly to the new HTTPS pages, rather than relying on the redirects.
- Update links to all other resources, such as images, downloads and scripts.
- Avoid blocking your HTTPS site from crawling using robots.txt and avoid the ‘noindex’ tag.
- Re-index your site on the Google Search Console and submit your new sitemap.
- Test that everything is working correctly through SSL/HTTPS. If there are any technical issues, get in touch with your host or a developer to resolve the problems quickly.
If you require assistance in setting up HTTPS/SSL on your website, get in touch with us today. We have years of experience with website migrations, SSL certificates and carrying out the switch from HTTP to HTTPS.