Over the last few years there has been a serious shift towards more secure online browsing. While there is no doubt that the Internet has prompted an online revolution this has made hacking and fraudulent activity more prevalent. In the past it was an option to upgrade your website from traditional HTTP to HTTPS protocol. Though with the additional costs many people unsurprisingly chose not to do so. However, the situation has changed dramatically of late. Failure to update to HTTPS protocol can have serious implications for your website listing on various search engines and prompt “danger” flags across various browsers.
The idea of switching your website from HTTP to HTTPS is simple in theory but in practice there are a number of issues you need to be aware of.
What is HTTPS?
In theory, the process of migrating to HTTPS protocol is simple. However, let us backtrack and first look at the difference between HTTP and HTTPS and what the move actually gives you.
The traditional HTTP protocol is the way in which visitors communicate with your web server and more specifically the transfer of data. Whether simple login details or payment for goods/services the data can be highly confidential and historically it has not been encrypted. As a consequence, this left the transfer of data open to what is known as “middleman” fraudulent activity. In this situation hackers/fraudsters are able to place themselves in between the transfer of such data and take a copy.
The up-to-date HTTPS protocol revolves around not only the use of SSL certificates but also encryption between the web server and the visitor’s browser. As a consequence, even in a worst-case scenario of the “middleman” placing themselves between the transfer of data, the information will be encrypted and of no use to them. History shows that hackers and those attempting fraudulent activity tend to go for the “low hanging fruit” and as a consequence will move onto the next easier target.
Step one: Acquiring and installing an SSL certificate
Acquiring an SSL certificate is simple; here at Hostifica.com we are able to provide the full range of SSL certificates. We can also help with SSL certificate installation which is relatively straightforward if you know what you are doing. An SSL certificate goes hand-in-hand with the HTTPS protocol adding a significant layer of security to your website. In simple terms, the SSL certificate creates a very strong and very safe encrypted link between your web server and the visitor’s browser window.
Upon installation of an SSL certificate, each time a visitor comes to your site the validation check will be carried out. The validation process involves matching encrypted key data present on your server, through an installed file, and your website information held with the SSL certificate provider. Those who have browsed the web will be well aware of the dangers of interceptor traffic and fake websites. Well, if the data held by the SSL certificate provider does not relate to the encrypted data held on the web server, the visit will be flagged and the visitor alerted. At this point it is also worthwhile requesting a security update from your web hosting company as they should also adhere to the latest security updates.
Step two: Create a full backup of your website
While many people fall into the trap of assuming “nothing will go wrong” when working on their website. This is a dangerous strategy! If you are making any significant changes on your website, such as coding and filenames, it is highly advisable to take a full backup. You can use your Control Panel or one of the many plug-ins available to create a backup. The process is fast and is implemented with just a few click. In the majority of cases you will not need to refer back to your full backups. But in the unlikely event of a major problem with your changes, you have the option to revert back to the saved copy of your website files. Complacency is dangerous!
Whether you have shared hosting, managed hosting or a stand-alone server hosting account, web hosting companies also have a role to play with this process. They should be advising and assisting customers wherever possible. If you have any issues please feel free to contact us and we can work together to resolve them.
Step three: Converting HTTP links to HTTPS
This is the most important part of the process; actually replacing HTTP links with HTTPS because one missed link amendment could bring your site crashing down. Applying changes will depend upon the size of your website. Though it may be possible to do a cross site “find and replace”. Although the descriptions used would need to be exact to avoid compromising any other links. For example you could replace:
This would not only convert your home page website address but also those with website extensions and other pages. There is one potential danger; if you went ahead with a simple find HTTP and replace with HTTPS this would convert any website addresses on any of your website pages. To ensure it is only your website address which is converted to the new HTTPS protocol you need to be as exact as possible with your text.
Step four: Update code libraries
Step five: Update external links under your control
The concept of a strong SEO presence is the ability to attract interest and inward links from external websites. In the vast majority of cases the structure of these links is out of your control. However, where you have links to your website from social media, or other websites, you should update it. Updating the link text to the HTTPS protocol as soon as the conversion has been completed is highly advised. It may be worthwhile contacting some of the major links to your website and asking them to make similar changes.
Step six: Permanent 301 redirect
The introduction of a permanent 301 redirect on your web server will ensure that all external links are redirected to the HTTPS web addresses. This type of redirect is perfectly valid in the eyes of the search engines. It will ensures that you retain the power of these links to your website. It is also useful for type-in website requests. This occurs when a user has not made use of the HTTPS protocol. The physical redirect from HTTP pages to HTTPS is instant and will not impact the experience of your visitor.
Step seven: Update all references in your communication emails
Even though you have added a 301 redirect it is good practice and good SEO to update as many references to the old website address as possible. If you communicate with your visitors via email then you will likely have the old website address in your signature. It is the same situation for confirmation purchase emails and other similar communications. So, go through all of your manual and automatic email templates and make the necessary changes. In reality this won’t take too long and there may also be an option to find and replace.
Step eight: Tell Google (and other search engines) what is happening!
If you want to keep in the good books of the likes of Google it is essential that you update your analytics and search console accounts. It is important that they show the new HTTPS website address even though there is a 301 redirect in place. This will allow Google to crawl your new website pages, update the information in your account and rubberstamp you as “safe and secure”.
The process of converting to HTTPS may look complicated but if you break it down into various tasks it becomes much more manageable. From simple SSL certificate installation to web hosting, a 301 redirect to the updating of marketing and customer communication material, it is all important. While in years gone by there was the “option” to convert from HTTP to HTTPS. Today, this option has been taken away. If you want your site to rank as highly as possible with the likes of Google and avoid potentially damaging security alerts on various browsers, then take action with your HTTP issue today.
It is fair to say that the battle against hacking and Internet fraud is never-ending. However, that does not mean that website owners need to sit back and wait for the worst happen. The SSL certificate installation process is relatively quick and painless. Giving users the ability to encrypt communication between browsers and web servers is priceless! Not to mention the kudos this gives you with visitors and customers looking for secure sites. Take nothing for granted in the world of e-commerce!