21st November 2016
Moving from HTTP to HTTPS – The Benefits and How-To
What’s the difference between HTTP and HTTPS?
HTTP or HyperText Transfer Protocol is a system used to transmit and receive information via the internet. It is the most commonly used method of presenting information to those using the internet, with a focus on efficiency.
HTTPS (Secure HyperText Transfer Protocol) on the other hand was developed to make sure that the transfer of information via the internet is more secure – so that when we exchange confidential information online, we can prevent unauthorised access and keep our data private. HTTPS also uses an additional protocol, SSL (Secure Sockets Layer) in order to ensure that our information is moved safely online.
What are the benefits of HTTPS over HTTP?
- Google Rankings: Because of the additional security associated with HTTPS and SSL, websites using HTTPS have a reputation for being safer, trusted and certified. Within recent years, Google has really clamped down on the quality of websites and the ability to keep users’ personal information safe. So it’s only natural that websites employing HTTPS are preferred by Google – and even have the potential to outrank similar sites which use HTTP. Whilst HTTPS won’t be as crucial a ranking factor as high quality content for example, Google have themselves stated that sites using HTTPS are likely to receive a small ranking benefit.
- Increased Security: Websites encrypted with HTTPS have the added benefit of being more confidential and secure than those without – only your browser and the website’s server can decrypt the information you provide. HTTPS also adds a layer of integrity to any website, as the data you have shared is protected from any modification without your knowledge. Not only does this benefit the user, but also the website owner – an ever increasing number of internet users can easily spot the difference between HTTP and HTTPS sites, and many of those will be deterred by an unsecure HTTP site.
- Statistical Analytics: HTTPS websites also provide more information when it comes to using tools such as Google Analytics to explore the statistics behind your site and visitor sources. When an HTTPS site receives online traffic, secure referral information is preserved – information which can be stripped away from visits within HTTP websites. You are more likely to be provided with accurate, detailed information on referrer visits rather than a multitude of misleading referrals marked instead as ‘direct’ visits. This ensures any analysis of your website and online marketing campaigns are correctly tracked.
Are there any SEO concerns I should be aware of when switching to HTTPS?
Whilst Google recommends switching from HTTP to HTTPS from an SEO perspective, they have also highlighted a list of best practices which should be considered when switching over:
Make sure you obtain a security certificate from a reliable certificate authority prior to switching – and research the type of certificate you will need, be it a single, multi-domain or wildcard certificate. You should also ensure you choose a 2048-bit key when doing so.
Redirect all users and search engines to the relevant HTTPS page / resource with server side 301 HTTP redirects when everything has been switched.
Use a web server that supports HSTS (HTTP Strict Transport Security) – and that it is enabled. This automatically tells the browser to use HTTPS when requesting pages or resources, even if HTTP is entered within the URL bar rather than HTTPS.
Avoid disallowing your HTTPS site from being crawled by search engines within your robots.txt file – you can use the Google Robots.txt tool within the Google Search Console (GCS) to ensure your Robots file is correct. You can also use GSC and Google Analytics to track your HTTP to HTTPS website migration.
Visit Globalsign.ssllabs.com to check your site is secure and passes the required tests, as shown by this test on varn.co.uk
How do I switch from HTTP to HTTPS?
Here is a basic outline of the steps required, when migrating from HTTP to HTTPS:
- Move your website to a test server, so that you can test the move before implementing the permanent changes within your live site
- Ensure you crawl your website so that you are aware of all pages and resources that need to be moved
- Obtain and install a security certificate within your server
- Update all references within your website’s content – ensuring references are updated to internal links using HTTPS
- Repeat the step above, but within page templates
- Update your canonical tags and hreflang tags if not already completed automatically by your CMS
- Ensure that all plugins / add-ons / modules and their links are updated in order to make sure nothing breaks or contains insecure content
- Crawl your site once more in order to make sure that nothing is broken and that you didn’t miss any links
- Ensure any external scripts that your site calls on are HTTPS rather than HTTP
- Reinforce your HTTPS URLs with server side HTTP 301 redirects and update any old redirects that may have been implemented to date
- Update your website sitemaps to ensure they contain HTTPS URLs rather than HTTP – and that the sitemap URLs themselves have been updated. You will also need to add the new sitemap URLs to your robots.txt file
- Enable HSTS and OCSP standing
- Update any disavow files you have set up, as well as URL parameter settings
- Add the HTTPS version of your website to the Google Search Console and any other tools you use
- Push the new HTTPS site live!
- Make sure you’ve updated your URL within Analytics and add an annotation note so that you can keep track of the date your website was migrated
- Update all social media accounts, paid media, email or marketing campaigns and any other tools you may use
- If you have time to clean up incoming links and update them to HTTPS, then do – but it is typically a very large job. So it’s best to focus on updating links you have control over, e.g. social profiles
Once completed, you can check the security / implementation of HTTPS within your website by visiting www.globalsign.ssllabs.com. You can see an example of a successful test within the previous image – this is the result when ran on the Varn website.
If you would like help in moving your website from HTTP to HTTPS, please let us know. We would be more than happy to help ensure that your migration is as smooth as possible so that you can experience the benefits of running on HTTPS. Get in touch today for more information.