We cannot overstate it enough: converting HTTP to HTTPS is absolutely necessary…if you haven’t converted your website as yet, now’s the time.
Do you leave your home unlocked all day, every day? Do you leave the keys to your car in the ignition no matter where you’re parked? Do you leave your safe door open, valuables on show to all? No? Why then would you leave your website – and by default your business – wide open and unsecured? By not converting HTTP to HTTPS, this is exactly what you’re doing: leaving the keys to your business in the lock – and already half-turned.
Dramatic? Perhaps. True? Definitely. Read on to find out the what, why, and how converting HTTP to HTTPS can protect your website. If you’ve got questions, we’ve got the answers.
What is HTTP?
It’s important to understand the differences between HTTP and HTTPS.
https:// “HTTP means HyperText Transfer Protocol. HTTP is the underlying protocol used by the World Wide Web and this protocol defines how messages are formatted and transmitted, and what actions Web servers and browsers should take in response to various commands. For example, when you enter the URL in your browser, this actually sends an HTTP command to the Web server directing it to fetch and transmit the requested Web page. The other main standard that controls how the World Wide Web works is HTML, which covers how Web pages are formatted and displayed.” (Webopedia.com)
Loosely translated, HTTP, the acronym for Hypertext Transfer Protocol, is the behind-the-scenes tool that allows users to send and receive information on the Internet. So why is converting http to https necessary? Let’s first explain what https is.
What is HTTPS?
https:// “HyperText Transfer Protocol Secure (HTTPS) is a variant of the standard web transfer protocol (HTTP) that adds a layer of security on the data in transit. This is done through a secure socket layer (SSL) or transport layer security (TLS) protocol connection. HTTPS enables encrypted communication and secure connection between a remote user and the primary web server.” (Techopedia.com)
Loosely translated, HTTPS, then, is the same thing as HTTP, but with added security. The S added onto the HTTP is a technical signal to tell users that your website is a safe place for browsing. It’s also safe for shopping and for users to give you things like their credit card details. It tells your visitors that any data and information they submit via your website is safe and secure from vulnerabilities.
By encrypting the data between the browser being used (e.g., Google Chrome, Firefox, or Safari) and the website being browsed, HTTPS protects the privacy of anything that users do on that website. Originally designed to make sure that data transmission was secure, for things like passwords, private data, credit card information, billing addresses, phone numbers, and other sensitive data, these days, most websites are switching over to HTTPS, for privacy and peace of mind.
HTTP vs HTTPS
HTTPS is HTTP… only with the Internet equivalent of a highly secure lock attached to it. (The kind of movie-worthy lock with a secret code that changes every few minutes.)
Quite simply, the two protocols are almost identical except for the use of SSL or TLS in HTTPS. But those three simple letters make all the difference, taking any data given to a website from universally available (to anyone who cares to go digging), to invisible (to all but those authorized to view it).
We recommend converting from HTTP to HTTPS because HTTPS employs SSL or TLS to secure information safely by:
- Encrypting the transferred data
- Ensuring data cannot be altered or corrupted during transmission
- And allowing only authenticated users to communicate with the website in question (i.e., users must have signed up and created a password for that site.)
Why Converting HTTP to HTTPS Matters
Data breaches. Two words that no business – or customers of that business – ever want to hear. Just ask Capital One… and their 100 million compromised clients.
While this is an extreme example (and to be fair, this was a case of a hacker with an inside line rather than a failure on their part to convert to HTTPS), their story is still one that should convince you that adding layer, upon layer, upon layer of security to your site can only be a good thing.
Let’s look at a few of the reasons why converting HTTP to HTTPS really matters.
Your Business Likes It
The primary reason to make the switch is an obvious one: to make your website and thus your business – along with any data you receive from customers – more secure.
Back in the dark ages, websites were little more than a calling card, the online version of window shopping, showing little more than who you were and what you offered. Your customers visited your website to browse, stare and point, but there wasn’t any significant exchange of information. Then things changed: suddenly your visitors could actually shop on your site. They could sign up to become members and receive newsletters. All of which involved them handing over some of their most important personal information – their full name, address, phone number, email address, credit card details, the keys to their soul… Suddenly your website was privy to all kinds of private data. Increasingly, given ongoing news of data breaches within big business, how you secure that data can make or break your business.
Not only are data breaches a PR nightmare and potentially business-breaking expensive, they affect more than just you. They affect your customers. (Not everything is about you.) And without your customers you are nothing. Which brings us to…
Your Customer Likes It
Internet users are increasingly savvy when it comes to knowing which sites are ‘safe’, trustworthy, and which require them to skedaddle at top speed!
More and more Internet users now know to look for an ‘s’ next to the HTTP, along with a lock symbol, as a signal that a website is secure for browsing and exchanging information. And while most of them won’t understand (and probably don’t want to) the technicalities of these signals – they don’t care about what HTTPS means vs HTTP – they do understand, and care, what will happen if the private information they are giving you is compromised. Hacked. Made public. It’s so much more than just a hassle: it’s an invasion of privacy, and it’s downright scary.
What’s more, this increasing site-safety-savviness is aided by the penchant of popular Internet Browsers for giving big red warning signs to users when they are about to enter a site which is not secure.
The key takeaway from this? More and more people are expecting security from the websites they visit, they know what it looks like, and if they don’t see it, they will click out of there, faster than you can say HTTP. Taking their valuable information, trust, and money with them. In fact, according to a GlobalSign survey, 84% of Internet users would rather abandon a purchase than finish the transaction if they can see that a site is not secure. Studies have also shown that, even with sites that don’t require an exchange of sensitive information, users trust, and visit, those with that ‘s’ at the end of HTTP more.
Google Likes It
Not only has Google Chrome been marking all HTTP sites as “not secure” since July 2018, which is not a good look for potential visitors, Google also uses HTTPS as a ranking factor. I.e., if your site isn’t secure, Google will penalize you on the SERPs. Also not a good look for potential visitors (if they get a look at you at all, that is).
HTTPS was officially acknowledged as an important ranking signal back in 2014. Simply put: sites with HTTPS will rank better on Google.
Given the amount of competition to rank well on SERPs as it is, and all the different areas where you need to shine to do so, this is at least one process you can perform to aid you in your quest to rank well that is fairly simple. (Note though: in the past it only mattered that pages or parts of a website that dealt with sensitive data were secured with an SSL certificate. This is no longer the case. Now, you will only earn a ranking advantage if every single page, i.e., your entire site, is properly secured with SSL.)
Will converting HTTP to HTTPS affect SEO?
Given that Google has officially acknowledged HTTPS as a ranking factor, albeit a ‘lightweight’ one, and have gone so far as to coin the term ‘HTTPS Everywhere’, it goes without saying that, yes, converting from HTTP to HTTPS can only but affect your SEO. Positively. Here’s how:
HTTPS may not give your rankings as big of a boost as, say, quality content, but as SEO practices go, it’s one of the simplest to implement. Plus, it’s a sure thing. Think of it as a basic building block of your overall SEO strategy. Moreover, we can almost guarantee that Google will, over time, increase its importance.
Better Referral Data
HTTPS also gives you better referral data in Google Analytics. If your site is still operating on HTTP, referral data from other HTTPS sites is automatically blocked within Google Analytics – they will only appear in your data as general ‘direct traffic’. This leaves you unable to see the actual source of any traffic coming from HTTPS sites linking to your content, telling you very little and giving you nothing to inform your strategy going forward.
Better Privacy, More Trust
Although privacy and trust aren’t technically ‘SEO’ strategies, by providing visible security you are promising users increased privacy and giving them more reason to trust you. If they trust you, they will use your services, shop your products, recommend you to their friends. And remember, user experience is everything to Google! All-seeing and all-powerful, if Google sees users flocking to your site, or fleeing as fast as their clicks can carry them, they will respond accordingly.
By adding that little ‘s’ to your URL, you are:
- Authenticating your website and server communication;
- Avoiding damage by dodgy third parties (a.k.a., hackers);
- Encrypting all your users’ data and communication, like browsing history and credit card information; and
- Effectively signaling that you will keep all their secrets safe, showing users, and Google, that their experience on your site, and their trust in you, is important.
All of which translates to increased trust, increased traffic, and increased business.
Any Negative Impacts to SEO?
As with all major site migrations, URL changes, and any other SEO implementations, you may very well experience a slight disruption and loss of rank after converting to HTTPS. This is normal and to be expected but it should not be significant. Plus, the follow-up recovery, and upwards boost, in rank should more than make up for any slight negative shift. Besides, the long-term negative effects of staying on HTTP, on not only your SEO but your site security in general, make this conversion a no-brainer.
How to convert HTTP to HTTPS
Let’s start with the obvious: check if your site is already HTTPS/SSL. It’s as simple as looking at your URL in your browser’s search bar to see if it starts with https:// or if it has that saving-grace ‘s’ added on at the end, making it https://.
If the ‘s’ is missing, now’s the time to remedy that by switching from HTTP to HTTPS in 7 steps, based on Google’s own recommendations:
- Determine if you require a single, multi-domain, or wildcard certificate. At 1st on the List we use DigiCert for all our SSL certificate needs.
- Use 2048-bit key certificates to generate a Certificate Signing Request (CSR) on your webserver.
- Make sure to maintain a current SSL certificate – click here to read more on how to purchase and install an SSL certificate.
- Use relative URLs for resources that reside on the same secure domain. (A relative URL being any URL that doesn’t explicitly specify the protocol (e.g., ” https:// ” or ” https:// “) and/or domain (www.example.com). This then forces a user’s browser to assume the URL in question refers to the same site on which the URL appears.
- Redirect to HTTPS pages using server-side 301 HTTP redirects.
- Update your robots.txt to allow your HTTPS pages to be crawled.
- Check that your website returns the correct HTTP status code.
Other tips from Google to ensure a smooth conversion to a secure site include:
- Avoid irrelevant redirects – i.e., don’t redirect all your old URLs to just one destination, such as your new home page, if your home page has nothing to do with the content on those pages. Pick a relevant page on your new site that matches the content of the original page.
- Update all canonical tags to the HTTPS version.
- Make sure to check and update all your internal links.
- Update sitemaps.
- If applicable, make sure you update your Google analytics tracking code on your new site.
- After the move, add your new HTTPS URL to Search Console and verify you own both the old and new destination sites in Search Console.
Still confused? Honestly, you’re not alone. There’s a reason there are professionals who have dedicated their life’s work to taking techie things like this off your plate and making your SEO life easier for you! Contact 1st on the List for help on converting your HTTP site to HTTPS, as well as all other things SEO-savvy, by calling 1-888-262-6687 or emailing firstname.lastname@example.org.