Move Your Website from HTTP to HTTPS
Customers expect safety and security when visiting your shop or place of business and the same applies for your website. Securing your website using https means all the information passing between your website and your visitors is encrypted and virtually impossible to break by hackers.
Benefits of using SSL’s (HTTPS)
- Increase customer confidence – your customers will feel reassured regardless of whether you accept payments online or not.
- Improve your ranking in Google. Although this is only a small boost at the moment it is going to increase over time – it is unsurprising that Google prefer sites that are secure, trusted and certified and they have made it clear that they want all sites to be https eventually so expect lower rankings over time if you are not https. All tests show an improvement in ranking through the adoption of https.
- Your site and customer interaction with you is more secure – third parties cannot intercept or tamper with the data or your customers.
This is what Google says about HTTPS for websites;
HTTPS (Hypertext Transfer Protocol Secure) is an internet communication protocol that protects the integrity and confidentiality of data between the user’s computer and the site. Users expect a secure and private online experience when using a website. We encourage you to adopt HTTPS in order to protect your users’ connection to your website, regardless of the content on the site.
Data sent using HTTPS is secured via Transport Layer Security protocol (TLS), which provides three key layers of protection:
- Encryption—encrypting the exchanged data to keep it secure from eavesdroppers. That means that while the user is browsing a website, nobody can “listen” to their conversations, track their activities across multiple pages, or steal their information.
- Data integrity—data cannot be modified or corrupted during transfer, intentionally or otherwise, without being detected.
- Authentication—proves that your users communicate with the intended website. It protects against man-in-the-middle attacks and builds user trust, which translates into other business benefits.
The above and more information from Google about securing your site with HTTPS can be found here: https://support.google.com/webmasters/answer/6073543?hl=en
To move from HTTP to HTTPS you will need to get a SSL certificate which cost anything from £50 – £250 per year depending on the type of certificate you require. The process for obtaining a certificate is different depending on the type of certificate applied for. All certificates must be obtained from a Certificate Authority. These certificates are used to encrypt transactions, enable secure communication with the website and protect information.
There are 3 main types of SSL certificates;
Domain Validation (DV) SSL Certificates
The cheapest SSL certificate which just checks whether the applicant can use a specific domain name. Typically, this is achieved through publication of specified files to the root of your domain. Encryption information only is displayed in the Secure Site Seal.
Organisation Validation (OV) SSL Certificates
This requires the same validation as a Domain Validation certificate plus vetting of the organisation and more information is published in the Secure Site Seal.
Extended Validation (EV) SSL Certificates
All of the above from DV and OV SSL Certificates plus checks on legal, physical and operational existence, verification of the site/business against official records and other checks which are conducted each year.Note the green padlock for this website and the https so you know you are visiting a secure site
Once you have obtained your certificate you then need to transfer your content and ensure search engines can crawl the https version of your website.
Use permanent 301 redirects
You need to redirect users and search engines to the HTTPS versions of your web pages with server side permanent 301 HTTP redirects.
Ensure your site can be crawled by Google and other search engines
- Do not block your HTTPS pages by robots.txt files.
- Do not include meta noindex tags in your HTTPS pages.
- Use Fetch as Google to test that Googlebot can access your pages.
Add the HTTPS property to Search Console (if you use it); Search Console treats HTTP and HTTPS separately; data for these properties is not shared in Search Console. So if you have pages in both protocols, you must have a separate Search Console property for each one.
You need to update your Google Analytics Website’s URL (if you use it). So under your account click into Admin and then your view settings. Then flip the URL to the HTTPS version. This way you don’t lose any history and can pick up right where you left off.