In recent years there’s been a huge push by Google and other key players for the internet-wide adoption of HTTPS.
While the majority of web users are advocates for creating an overall safer, more secure web, many site owners have been daunted by the task of migrating their site to the secure protocol. Thankfully the barrier to entry for converting your site to HTTPS has all but disappeared with free, easy to use options for switching to HTTPS. With popular browsers like Chrome and Firefox continuing to push sites to switch with non-secure warnings on HTTP sites and SEO ranking boosts, it’s becoming clear all sites can and should make the switch. Here are the basics on HTTPS and why you should consider switching if you haven’t already.
What is HTTPS?
For starters, it’s good to have a basic understanding of the function of HTTPS and how it actually becomes “secure”. HTTPS stands for Hypertext Transfer Protocol Secure where the information being sent from a user’s browser to a given website is encrypted and secured using TLS (Transport Layer Security), more commonly referred to as SSL (Socket Security Layer), an older version of the technology . The TLS ensures the information is being sent through secure channels and then encrypted making sensitive information all but impossible to hack. All of this provides both your site and your users with three key security benefits:
The TLS ensures the information is being sent through secure channels and then encrypted making sensitive information all but impossible to hack.
- Identity — TLS/SSL have to “handshake” or exchange digital certificates with the server of the site your device is communicating. This exchange authenticates the identity of the site to verify the site is not being affected by impersonation.
- Encryption — Purchasing something online? Your credit card number is encrypted on HTTPS sites and secure from potential hackers. Same applies for any other confidential data.
- Data Integrity — The TLS/SSL also creates a record layer ensuring any data exchanged is valid and accurate helping to prevent things like man-in-the-middle attacks.
Why migrate to HTTPS?
Beyond the obvious security benefits listed about there are a few reasons why you should really consider migrating to HTTPS:
- User experience and trust — Give your site readers peace of mind that your site is safe and secure to use. If your site collects passwords, payments or even has forms of any kind (think email signups) Chrome is labeling your site as “not secure”, potentially reducing user trust.
- SEO ranking — HTTPS is starting to play a larger and larger role in how Google ranks sites. According to a recent analysis by Moz.com, over half of first page rankings for Google searches are now HTTPS. Google has been indicating for quite some time it could become an even stronger ranking signal in the future. By not migrating to HTTPS, you’re harming the potential reach of your future posts.
- Site Performance — Taking advantage of the secure protocol could increase your site speed by 1.25x as Google pointed out at their 2016 Web App Summit.
How to Migrate to HTTPS
Now that we’ve gone over why you need to migrate your site to HTTPS – let’s dig into the how. In the past couple of years it’s become both easier and cheaper to migrate to HTTPS so here are our top tips to make the process as seamless as possible.
Choose Your Certificate
Depending on your site needs there are different routes you can take when choosing a TLS/SSL certificate to install. Let’s Encrypt offers open and automatic certificates that are completely free of charge. This is great for any site looking to make the switch to HTTPS that does not necessarily need the attributes of a paid certificate purchased through a hosting provider. There are a few limitations to the site’s Let’s Encrypt are ideal for:
- E-commerce sites — Extended Validation certificates are ideal for e-commerce sites. The majority of hosting providers recommend purchasing your own certificates and importing them in this case.
- Custom CDN URL’s — While not super common, if you happen to have a custom CDN URL, Let’s Encrypt cannot issue certificates because the CDN provider controls the servers. You will need to coordinate with your hosting provider and CDN provider to install certificates.
- Hundreds of Subdomains / WordPress Multisite — If your site falls under one of these categories, WPEngine recommends RapidSSL certificates and Extended Validation wildcard certificates for optimal performance. If you’re not sure, it’s best to check with your hosting provider.
Beyond Let’s Encrypt, any good hosting provider will have various paid options to choose from that you can install right from inside your user portal.
Prepare Your Site
If your site is fresh and only has a couple dozen pages to migrate, the process will be a tad easier for you. If you’re a veteran publisher with thousands of pages, links and more on your site – the task may be a little more tricky. Either way the best thing to do is crawl your site to get an idea of the structure and draft a plan for migration. While migrating to HTTPS has become easier in recent years, skipping steps can be disastrous for your site. Here are a couple solid step-by-step guides that are easy to follow to prepare for a migration. Keep in mind these are focused on WordPress sites.
How to Migrate from HTTP to HTTPS – Complete Tutorial Woorkup.com
HTTP to HTTPS: An SEO’s Guide to Securing a Website Search Engine Land
HTTP to HTTPS Migration: The Ultimate Stress-Free Guide Search Engine Journal