Secure Your Site with HTTPS

As of 2017, Google is going to flag your site, if the whole thing is not protected by an SSL certificate. With Chrome version 62 being released, websites with any kind of text input will need an SSL certificate. This is an important consideration for site owners, because Google wants to “encourage all website owners to switch from HTTP to HTTPS to keep everyone safe on the web.”

Secure Websites vs Insecure Websites

This headline is shouting the truth. Websites are insecure without HTTPS. That is the concept, in a nutshell. This isn’t just for eCommerce sites anymore. You must secure your site with HTTPS in order to make sure that your visitors have safe interactions with your site.

First, you need to understand what these terms mean:

  • HTTPS: Hyper-Text Transfer Protocol Secure is a URL indicator that indicates a secure connection.
  • SSL: Secure Sockets Layer is the standard security technology for establishing an encrypted link between a web server and a browser. This link ensures that all data passed between the web server and browsers remain private and integral.

Is HTTPS just for eCommerce Sites?

The short answer is NO.

Historically, HTTPS connections were primarily used for online payment transactions, e-mail, and for sensitive transactions in corporate information systems.

Since 2000, it has become much more common for sites of all kinds to install SSL certificates, for added layers of security in a less and less secure world.

Using HTTPS means that information exchanged between you and a web site is encrypted and cannot be hijacked along the way. This is important for much more than shopping carts. We exchange a ton more types of information now than we did in the early days of the internet.

All of our information should be secure, not just our credit card numbers.

New Sites vs Existing Sites

For the cost of an SSL certificate you can, and should, build your new site secured with HTTPS. That is the standard for websites. Not just because of this announcement, but because you should take every possible step to ensure that your user’s visit is safe and secure.

Existing sites should switch NOW to avoid being flagged.

The following checklist will help you make the switch as cleanly as possible.

How to Secure Your Site with HTTPS

  1. First, check your site, to see if it is already secure. Example: https://www.2cdevgroup.com
    • If your site is secure, congratulations! You got a rankings boost.
    • Have an eCommerce site? Be sure to check your home page URL for this, not a checkout page, which should already be HTTPS.
      • In your case, you will not need to purchase an SSL certificate. Your domain already is using one for the checkout process.
      • However, you still need to work through the rest of the steps in this article.
  2. Learn the difference between two types of internal link paths.
    • Relative Paths look like:
      • index.html
      • /graphics/image.png
      • /help/articles/how-to-secure-my-site.html
    • Absolute Paths look like:
      • http://www.yourdomainname.com
      • http://www.yourdomainname.com/graphics/image.png
      • http://www.yourdomainname.com/help/articles/how-to-secure-my-site.html
  3. Create a list of all the internal links on your site.
    • Use a free tool, like Zenu, for this.
  4. Check to see what kind of internal link paths your site is built with.
    • Absolute? (good for security)
    • Relative? (leaves your site open to be stolen and put on another domain name)
    • Or some of each? (this is pretty normal)
  5. Make a development copy of your site, that is not hosted publicly.
    • Most eCommerce platforms will set up a development site for things like this.
    • If you use WordPress, you can use a duplicator tool that takes all the hard work out of it.
  6. Change all link paths to https.
    • If you have a tool that searches and replaces one for the other, this is not a big deal.
    • WordPress has a nifty plugin that does this for you, called Really Simple SSL.
  7. Buy a SSL certificate from your host, and have them install it on your domain.
  8. Upload your updated website over your current site (if you created a development site).
  9. Avoid catastrophe!
    • Do not use the noindex robots meta tag on your site pages.
    • Make sure your robots.txt file encourages crawling of the https version of your site, not http.
    • Be sure and force all version of you domain name address to redirect to the https version, otherwise you may lose folks coming to it from your business card, or social media, etc.
  10. SUPER IMPORTANT!
    • Claim the https version of your site in Google’s Search Console.
    • Change the URL version to https in Google Analytics.
    • Be sure to update the links to your site on all PPC advertisting.

 

This can be really tricky with large eCommerce sites, like Miva or Magento, that may have html pages outside of their shopping cart platform, and/or integrated WordPress blogs. We don’t suggest attempting to do this on your own. Please call us to schedule your SSL conversion ASAP! 316-686-2284