Migrating Site to HTTPS: A few years ago Google revealed that HTTPS is a ranking factor which drove many website owners to move their site to HTTPS. Google made that announcement back in 2014, and one would think that the entire internet has migrated to HTTPS by now. But a study performed by SEJ revealed that despite its many benefits a majority of websites haven’t migrated to HTTPS. You are probably one of them see-sawing between thoughts to migrate or not to migrate. Knowing how exactly you benefit from the migration should help you make a decision.
What is HTTPS & Why Switch to HTTPS?
HTTP was a procedure to exchange information on the web. By default websites only came with an HTTP certificate (HyperText Transfer Protocol) where all messages were exchanged in plain text. HTTP is not recommended for passing sensitive data like login credentials and financial information. In HTTPS (HyperText Transfer Protocol Secure), exchanging information occurs in an encrypted format, therefore, making it secure to pass sensitive information. Let’s take a look at the three major benefits that a site owner drives from migrating site to HTTPS –
Before Google’s push towards making the internet more secure by using HTTPS, only websites or pages that carry out monetary transactions were obliged to use it. But hackers are always on the lookout for ways to breach a website, whether it’s by using a vulnerable plugin or by stealing the login credentials. Every site has data that is unique to that website, therefore, stealing the data is one of the major drives behind many website security breaches. They can sell this data to the highest bidder or blackmail the site owner for ransom money. Moreover, hackers today don’t differentiate between big sites and small ones. In fact, hackers prefer going after small websites simply because small websites are lax towards their security and thus easier to hack. Therefore, regardless of the size of your websites, moving to HTTPS will bring the much-needed boost to your site’s security. Once HTTPS is encrypted, your login credentials become encrypted which means even if an attacker manages to capture your login data, deciphering them will become impossible.
Improved SEO Rankings:
Today more people are using the internet than ever. Hundreds of thousands of posts and pages are published every day. When you publish a post online you’d want people to read it and the easiest way to reaching a large number of people is by appearing in the first page of the world’s largest search engine, Google. Suppose you published a post on the Facebook data scandal on your websites. At the time of writing this, the Keywords Everywhere Chrome extension tells us that each month around 14,800 searches is being made on the keyword. When these people search on Google using the keywords ‘Facebook data scandal’, you’d want them to find your post on the top in the first page. And you can only do that by understanding what factors Google takes into account to rank a post.
Google ranking factors are always up for guesswork and many industry experts have spent years decoding these factors. It’s rare for Google to come forward and admit a ranking factor. The reason being, if website owners knew the ranking factors they would write average or below average articles and be able to rank on the first page. Google wants its users to get the best results, top-notch articles that answers their search query fully and clearly which is why the search engine giant never reveals what factors it takes into consideration to rank a post. Therefore Google’s announcement of HTTPS being a ranking factor is a big deal, one that you can’t ignore.
Another very undervalued benefit of migrating site to HTTPS is that it helps build trust with your visitors. In fact, in a survey conducted on online shopping behaviour, 70% of the shoppers said they’d cancel their orders if they don’t trust the website. A seal of trust could go a long in boosting your online sales. HTTPS is important because it lets your visitor know that the information they are leaving on the site is in safe hands. Building brand trust is especially significant for e-commerce sites. Trust can help convert a regular visitor into a buyer. Moreover, from July 2018 onwards Google will mark all HTTP sites as “not secure,” which will definitely have a huge impact on the trust factor.
For migrating site to HTTPS, you’ll need to fetch an SSL certificate. Let’s take a look at the different kinds of SSL certificates that you can opt for.
Types of SSL Certificate
SSL stands for Secure Sockets Layer. When installed into your website server, it’ll activate the https protocol and a padlock will appear in front of your URL.
There are all sorts of SSL certificate to choose from. Some are free and others are paid. The paid ones come with more features and a more rigorous verification process.
You can avail any of the five types of SSL certificates for WordPress websites:
Free SSL Certificate
Many web host providers as well as vendors like SSL For Free, Free SSL, LetsEncrypt, offer free SSL certificate with preconditions like you’ll have to manually renew the certificate every 6 months or so.
Paid SSL Certificate
Users tend to feel safer if they use Paid or Trusted SSL certificate from CA authorized SSL re-sellers like Cheap SSL Shop. You can get three types of SSL certificates based on validation method: Domain Validated (DV), Organization-Validated (OV), and Extended-validated (EV) with specific warranty and validity period. You can also fetch SSL certificates of different CAs such as RapidSSL, GeoTrust, Thawte, GlobalSign etc. for a single website.
Single Domain SSL Certificate
As the name suggests, the certificate can only be used on one domain. Meaning a certificate issued for example.com will secure all pages of only example.com. Getting it is easier, it doesn’t involve any paperwork unlike in Organizational SSL certificate. Low cost and quick issue make one domain SSL certificate a popular choice among small to medium sized websites.
Multi-Domain SSL Certificate
This type of certificate allows website owners to secure multiple domains using a single certificate. For instance, say you have the following domains, example-1.com, example-2.com, and example-3.com. A single Multi-Domain SSL Certificate (MDC) should cover all these domains.
Extended SSL Certificate
Issued within 3-4 working days, extended SSL certificate offers the highest level of security. It involves rigorous background checks on the company as per the guidelines laid out by the Certificate Authority. Since this particular certificate ensures the highest level of security, it is used by banks and online retailer.
Wildcard SSL Certificate
Comes with the same features as the single-domain certificate but it secures not just a single domain but it’s subdomains too. That means you can use the certificate to secure example.com along with login.example.com, payments.example.com, anything-else.example.com. It’s ideal for site owners who have many subdomains. With a unified expiry date, it reduced the number of certificates you’d have to manage.
Organization SSL Certificate
This type of certificate offers enhanced features and follows a rigorous verification process before issuing the certificate. Some vendors take 2-3 working days to issue the SSL certificate.
What sort of SSL certificate you need depends on the kind of website you own.
Step-by-Step Guide on Migrating Site to HTTPS
The most common way of buying your SSL certificate is from your web hosting provider. But before we jump into the process, we’d recommend you to take backups of your site. We have heard of websites crashing while making the switch from HTTP to HTTPS. A good backup service will enable you to restore your site in a jiffy. Ideally, you shouldn’t face any problem if you have your site on a well-known web host provider but let’s not take any chances. After taking backups for your site, you need to follow the steps below:
Step 1: Login to your web hosting and head to the cPanel.
Step 2: There should be an option for SSL certificate. Select that.
There will be some sort of verification process involved. Once you get through that, you can see the SSL certificate appear in front of your site URL in the form of a padlock.
After switching to HTTPS, there is one major thing that remains to be done:
Update Internal and External Links
After migrating site to HTTPS, you must update both internal as well as external links. Internal links are those that link one page of your websites to another page of the same website. And external links are links shared in the social media profiles, listing directories and websites that offered linked to your site. Change the social media links as well as the directory listing. Reach out to people who have linked your site asking them to replace the link with an updated one.
Say, your site URL has changed from http://example.com to https://example.com. It means all URL of your pages and posts have changed.
If you published a post on your site before the SSL installation, it’ll look like this http://example.com/post-published and after the installation, it looks like this https://example.com/post-published.
Suppose you had shared the former link with someone and if they try to open the link now, they’ll see a 404 error (page not found).
Therefore, you have to update all the links migrating site to HTTPS. You can redirect the URL manually but for large websites with hundreds of published posts, manual redirection is impractical. In that case, using a tool like Really Simple SSL will come in handy. It’s free and configures your site along with all its posts and pages to run over https.
The benefits of migrating site to HTTPS are many. We hope that with the help of this post, you were able to see that and even make a switch to HTTPS. Thanks for reading.