In this article we are going to show you why adding SSL to your website will increase traffic and conversions. In additional to explaining why adding and SSL certificate and running your website under HTTPS is critical for your business, we’ll also show you the best methods for implementing your new SSL certificate to minimize downtime, and in some cases how you can get a free or very low cost SSL certificate for your business.
First let’s cover some SSL basics in regards to what exactly they are and how they work to protect you and your website visitors. SSL stands for “Secure Sockets Layer” and is the protocol that HTTPS uses to secure communications between users and servers. So what does that mean in non-geek talk? Your SSL certificate is basically a hidden security badge for your website that is checked and confirmed by your web browser when visiting a website over HTTPS instead of HTTP (The S in HTTPS is for secure). So in order for your website to run under HTTPS, you need a valid SSL certificate that matches your domain name and is properly installed on your web hosting server.
The problem with HTTP is that it is not secure, meaning that anyone with access to your internet connection could easily see what websites you’re visiting, what your searching for and what personal data you’re entering into websites. For example, if your computer was infected with a virus, it could record anything you do on websites using HTTP instead of HTTPS, steal the personal information you submit or worse yet, blackmail you.
The way HTTPS (the transfer protocol that shakes hands with your SSL certificate) solves this security problem is by applying a layer of data encryption to each and every communication sent from your computer to the web server and back. Only the web server your communicating with and your computer have the key combination to unlock this level of security encryption and decipher the message. An easy way to see if you’re on a secure website is by seeing a locked padlock icon in the address bar of your browser.
Understanding SSL versus TLS
Let’s end some confusion right away. TLS stands for Transport Layer Security and is basically just the newest version of SSL. Both SSL and TLS terms are used in the same way. SSL is the old term for the secure communication between users and servers while TLS is the future. So just understand that if someone says “TLS” they are talking about the same type of technology as SSL. As of this article, you will want to ensure your site is using TLS 1.2 or higher.
4 HTTPS Myths We Hear ALL The Time – Don’t Believe The Hype!
SSL Myth 1
You’ll hear people say, ‘If you don’t have sensitive information on your website or if you are not selling a product or service where someone buys online, then there is no need for an SSL certificate.”
There are many problems with this statement. The biggest one is as of October 2017, Google Chrome will start to warn people with this message:
SSL Myth 2
We’ve heard people say things like, “SSLs don’t increase security.”
This completely wrong. HTTPS is so much more than making your website secure for online purchases. It also provides integrity and authenticity for your website visitors. When you don’t have an HTTPs then your website traffic can be modified by a middleman like an ISP or airport WIFI. How do you feel that your website visitors can easily be redirected to malicious website courtesy of a shady DNS? Well, this is what your business is risking by not have SSL certificate on its website.
SSL Myth 3
We’ve heard many people say things like, “You don’t need an SSL for a blog.”
Again SSL certificates do not make your website secure, but what they do is helps your website’s information travel securing between your website to the user’s device and vice versa. Does your blog collect information like ask people to sign up for a newsletter? If so, then you’ll want to have an SSL on your blog. Do you care that your blog readers will give the correct information from your website without getting intercepted by a hacker? If so, then you’ll want to have an SSL on your blog. So next time someone asks, “Do you need an SSL for your blog?” Scream back, “YES!!!”.
SSL Myth 4
We hear people stuff like, “Encrypting all pages on your website will only slow them down.”
That is NOT TRUE! If fact, when it can be faster. It’s faster when you setup your new SSL on HTTP2, which can ONLY be done once you have an SSL certificate. Troy Hunt has this great visual on load time between a non-secure website on a HTTP/1 vs the same website with a SSL certificate on HTTP2, which shows you that HTTPS can be faster than a HTTP website. Another great visual to understand the difference between HTTP1 vs HTTP2 was done by Kinsta (see below).
5 Reasons You Should Move Your Company’s Website From HTTP To HTTPS
It’s the right thing to do for your website users by transferring information securely from your website to their devices (and vice versa).
You can have a faster loading website by using HTTP2 (see above examples). Again a net win for you and your users.
You are future proofing for what the search engines and browsers (like Chrome), expect you to do.
It’s a positive ranking factor, and that is straight from Google’s mouth. And Brian Dean’s research of analyzing 1 million search results proved that, in fact, many of the first page results on Google have a strong correlation with sites that have HTTPS. Just see his image of this data below.
Improved analytics data from referral traffic. When traffic passes to an HTTPS site, the secure referral information is preserved. This is unlike what happens when traffic passes through an HTTP site, and it is stripped away and looks as though it is “direct traffic” on most analytics software.
The Ultimate Checklist for Migrating from HTTP to HTTPS
Before Launching HTTPS Checklist:
SSL Certification Setting – Get, configure and test the TLS certificate using SHA-2 for SSL on the server.
Google Search Console Registration – Register both domains HTTP & HTTPS in Google Search Console, along with your www and non-www versions. If you also had registered individual subdomains or subdirectories in the Google Search Console, replicate that registration & configuration with their https version.
Rankings Monitoring – Be sure to benchmark your rankings in both Google and Bing prior to changing your website to the https
Current top site pages & queries identification – Identify the top pages and related queries- attracting organic search visibility & traffic so you can prioritize when validating & monitoring the site performance. It’s a great idea to mark notes in Google Analytics timeline.
Crawl the current website – Crawl the current website and find any broken links and technical issues and be sure to fix those issues first before moving HTTP to https.
New HTTPS web setting with updated internal links – Set the new web version to make the new changes too. Be sure to test & update the links on a stage environment. It’s common to remember to point to the URLs to the new destinations, but often people forget files like images, js, pdfs, etc. Be sure to point all files to the new HTTPS structure.
New HTTPS Web canonicalization
Update the canonical tags to include absolute URLs using https on the stage environment.
New HTTPS Web canonicalization
Verify in the stage environment that all of the already existing rewrites & redirects behavior (non-www vs. www; slash vs. non-slash, etc.) are also implemented in the https Web version as they used to work on the HTTP one.
Redirects preparation – Set the new Web version to make the changes, test & update the links on a stage environment, to point to the URLs (pages & resources such as images, js, pdfs, etc. too) with HTTPS.
New XML Sitemap Generation – Generate a new XML Sitemap with the URLs with https to be uploaded in the HTTPs Google Search Console Profile once the site is moved.
Prepare the robots.txt to be uploaded on the https domain version when the site is launched replicating the existing directives for HTTP, but by pointing to the https URLs if necessary.
Campaigns updates preparation
Prepare changes on any ads, emailing or affiliates campaigns to start pointing to the https URLs versions when the migration is done.
Disavow Configuration – Did you have a penalty at some point and needed to submit a disavow list? Verify if there were any disavow requests submitted in the past that will need to be resubmitted again for the https URLs versions in its own Google Search Console profile.
If you’re migrating a gTLD that you are geo-targeting through the Google Search Console (as well as its subdomains or subdirectories, in case you’re individually geo-targeting them), make sure to geo-target them again with the https domain version.
URLs Parameters Configuration
If URLs parameters are handled through the Google Search Console the existing configuration should be replicated in the HTTPs site profile.
CDN Configuration Preparation
If a CDN is used verify that they will be able to properly serve the https domain version of the site and handle SSL when the migration is done.
Ads & 3rd-Party Extension Preparation – Verify that any served ads code, 3d party extensions or social plugins used on the site will properly work when this is moved to https.
Web Analytics Configuration Preparation
Make sure that the existing Web Analytics configuration will also monitor the traffic of the https domain. This often means setting up new profiles in Google Analytics, Adobe Omniture, etc.
5 Biggest Mistakes Webmasters Make When Migrating a Website From HTTP to HTTPS
We have seen terrible things happen when development teams do not use a checklist like this during the migration of a website from being unsecured to being secured.
Biggest SSL Migration Mistake 1 – Launching the new site on HTTPS, but leaving it ‘no index, no follow’ staging status on, which tells the search engines NOT to index the website. We can’t tell you how many developers miss this very important step or forget to do it once they push the staging site live.
Biggest SSL Migration Mistake 2 – Not getting an SSL for all versions of their website, like on multilingual websites. It doesn’t have to be expensive too because you can use services like Cloudflare, which is currently free as I write this.
Biggest SSL Migration Mistake 3 – Not having 1 URL serving all their content. So many developers have so many different versions of their website being served up and when you do this you split the leverage of all your website’s authority to different pages. It can even cause duplicate content issues when you have this setup wrong.
We’ll use our website to show you how the perfect HTTPS setup for SEO purposes looks like:
HTTPS is enabled, meaning you can type in https://www.poweredbysearch.com and you’ll see the website.
The other HTTPS URL — in this case, https://poweredbysearch.com — as well as both HTTP URLs (http://poweredbysearch.com and http://www.poweredbysearch.com) all redirect to https://www.poweredbysearch.com ensuring there is ONLY 1 canonical version of the content available
Every redirect leads directly to the canonical version of the content. It redirects A –> B, not A –> D –> C –> B
Every redirect uses the HTTP status codes for permanent redirects (301s), instead of temporary redirects (302 or 307)
Don’t make those common SSL migration mistakes listed above!
Do You Want To Download Our SSL Migration Checklist?
If you want to download our SSL migration checklist, you can do so here (it’s free!). You may also know other business who need this important information and you can socially share it to them by using the social sharing icons on this page or just cut and copy the URL and email it to them. They’ll thank you for it later! If you have any questions about migrating your website from HTTP to HTTPS you can also leave a comment below and we’ll answer it.
Do You Want Our Help to Migrate Your Website From HTTP to HTTPS?
aHrefs did a study of 10,000 websites with HTTPS and found that 90% of them did not setup it up right. The highlights are shown in the infographic below.
90% of HTTPS is setup wrong on most websites.
Can you afford to have your SSL setup wrong? Are you worried what that if setup wrong it can impact your visibility? You should be.
The stats prove that 9 out of 10 websites setup it up wrong. The chances are if you don’t have an experienced SEO PRO do this, then chances are you too will suffer the same fate. If you just prefer to have some SEO experts do the migration for your company, you can contact us to do it, as we have done dozens of SSL certificate website migrations over the last few years.
Tagged with: chrome, Google, http, https, seo, ssl