Google has been encouraging website owners to make the migration from HTTP to HTTPS for years. However, as of this month, they’re officially taking no liberties with websites that haven’t yet made the change. Last year, Google announced that it would be favoring HTTPS websites by identifying them with a little green padlock and text that says “Secure” right next to the URL in the address bar. Meanwhile, pages that had a login or credit card field and no SSL certificate (the data file that activates the HTTPS protocol on your website), were marked with a “Not Secure” tag on most websites.
As of July 2018, the “Not Secure” identifier is becoming more widespread. It will now be applied to all websites that are still only HTTP. This change is coming with the release of Chrome 68, and Google hopes it will act as an incentive for all website owners to convert their webpages to HTTPS.
Image Source: Search Engine Land
The Purpose Behind HTTPS
The obvious benefit to converting your site to HTTPS is the increased trust your users will associate with it. Google’s goal is to ultimately create a safer web where sending unencrypted information will become obsolete. With privacy concerns at an all-time high, users are adamant about ensuring their personal information is sent over encrypted, secure channels.
Furthermore, Google is offering a small ranking boost to websites that make the change. While previously Google only did this by determining if the first five characters of the sites URL began with “https”, it is possible it will soon also begin verifying that a valid SSL certificate is present.
HTTPS sites also see an improvement in website performance. Websites with HTTPS load faster due to the HTTP/2 revision of the HTTP protocol. This major revision, that is present on all modern browsers, came with significant performance enhancements. On a website where you can test HTTP vs. HTTPS load time, the load time of 360 unique, non-cached images was 3.5 seconds on average with HTTP and around one second on HTTPS. Results will vary for each user but consistently prove that HTTPS load times are between 60-70% faster.
Unsecure HTTP site:
Secure HTTPS site:
Making the Transition
The first step to securing your site is to install an SSL certificate for your domain. There are numerous certificate providers, and costs are fairly nominal. For example, McAfee offers SSL certificates starting at $69/year. While there are providers that offer free certificates, some web browsers do not respond well to these. Sites with free (also known as self-signed) certificates will populate an error message on many browsers, prompting users to either select that they “agree to the risks” of continuing to your website, or directly encouraging them to get out of there.
Image Source: Search Engine Land
Once you have installed an SSL certificate on your website, you’ll need to make the actual transition. Before you do this, make sure you’ve backed up your website and consider implementing the changes on a test server first. Once the SSL has been installed on the server, you’ll want to begin updating your content.
Here are some link types to look out for when transitioning your website to a secure version:
Navigation Links (header and footer) – Often are manually created through a CMS so they will need to be changed.
Page Content Links – A simple search-and-replace will allow you to locate the old unsecured links on each page and update them to HTTPS.
Image Links – Often these links access a media directory which will need to be secured as well.
You will want to update any canonical tags, hreflang tags, and plugins too, although this may not be necessary if you’re working under a CMS. Most website frameworks have the ability to upgrade the site setting to HTTPS. This should take care of most of native linking.
Make sure you create a rewrite rule which forces browsers to show the HTTPS version of your pages. WordPress has a handy plugin to help with this. This takes care of browsers showing the HTTPS version of your site when a user doesn’t specify HTTPS in the browser search. If the link issues mentioned above aren’t resolved, this would lead to unnecessary redirects. If the media file directories are not secured, it would cause a 404 error.
Lastly, crawl your website to make sure you didn’t miss any links. Professional web developers can also do mass find/replace to template files on your server.
Once this has all been completed on your site, make sure to update your sitemap to include the HTTPS versions of the URLs and to update any URLs in your Google Analytics as well.
Despite the fact that converting to HTTPS can be a lengthy process, tons of websites have already hopped on the bandwagon. According to Google’s blog, over 68% of traffic on Android/Windows and 78% of traffic on Chrome OS/Mac is now protected. Additionally, 81 of the top 100 websites use HTTPS by default. These numbers continue to grow as Google presses the matter even further with this month’s updates. So, if you haven’t made the change already, it’s best to do so before you lose your loyal users to websites they view as safer and more trustworthy, simply due to the presence of this HTTPS markup.