Back in 2014, Google announced that there are various performance benefits of using https. Since then most of the companies are in dilemma that whether switching is right for their company or not. If yes then how to make the switch? Is it going to affect my search engine optimization (SEO) or there is very phenomenal change? So many questions right? Here I’ll answer all your questions in detail.
It is crucial to understand the difference between http and https. Either you can take help of our SEO experts for great results or you may refer this article.
Secure hypertext transfer protocol (HTTPs) - It was developed to allow authorized and secure transactions. It doesn’t allow unauthorized access hence making your information more secure. https and http establishes a connection to a server on a standard port. However, https offers an extra layer of security because it uses SSL to move data. Data sent using https is secured via transport layer security protocol which provides three layers of protection –
1. Encryption – It encrypts the data from eavesdroppers and make it secure. That means when you are browsing the web nobody can listen to their conversation, track their activities across multiple pages or steal information.
2. Data integrity – Data cannot be modified intentionally or unintentionally without being detected.
3. Authentication – It ensures that you communicate with the intended website. It protects against man in middle attacks and builds users trust, which translates into other business benefits.
Hypertext transfer protocol (HTTP) – http on other hand focuses on how information is presented to the user. It is considered stateless which means it doesn’t remember anything about the previous web session and helps in increased speed of your website.
Making the switch from http to https –
• Get a security certificate and Install on the server – You need an SSL certificate so that your specific organization detail is bound to a key. Now what is SSL? It is a protocol that is used by https. So you will have to install this in order to use https in your site. When it is installed, https protocol is activated allowing a secure connection between server and browser. There are various vendors available in the market, some of them are listed below –
GoGetSSL
SSLs.com
There are various types of SSL certificates like –
1. Domain validation – For single domains or subdomains, no paper work, cheap, issued within minutes. Just email verification is needed.
2. Business/organization validation – It is for single domains and subdomains and requires business verification. It provides higher level of security. It is issued within 1-3 days.
3. Extended validation certificate – It also provides higher level of security/trust and is issued within 2-7 days.
• Update references in content – This is done to update all references to internal links.
• Update canonical tags – Most of the CMS system takes care of that but why to take risk. Always double check before you make the switch.
• Update hreflang tags – If your website uses them, or any other tags such as OG tags for that matter. Again, most CMS systems will take care of this, but it’s best to QA it just in case.
• Update any plugins/module/add-ons – To make sure nothing breaks and that nothing contains insecure content. I commonly see internal site search and forms missed.
• CMS specific settings may need to be changed
• Crawl the site – Don’t forget to crawl your site, so that you get know the broken links, images etc. This can be done using screaming frog, Semrush, moz etc.
• Crawl the old URLs – Update URLs for any broken redirects of any.
• Update sitemaps – Update the sitemap to all https versions.
• Update your robots.txt file – To include your new sitemap.
• Enable HSTS – This tells the browser to always use https, which eliminates the server side check and helps your website load faster. This can also cause confusion at times, since the redirect will show as 307.
• Enable OCSP Stapling – To check this, go to “https://www.digicert.com/help “. In the Server Address box, type your server address. If OCSP stapling is enabled, under “SSL Certificate has not been revoked” you will see that it says “OCSP Staple: Not Enabled”. If OCSP stapling is not enabled, under “SSL Certificate has not been revoked”, it says “OCSP Staple: Not Enabled”, and you now need to see if the Intermediate Certificate is properly installed.
• Add Http/2 support – Go to KeyCDN dashboard and click zones, under the zone tab click on “Manage” button and then “Edit”. After that click on options to show “Advanced feature” and then select enabled and then “Save”.
• Add the Https version of your site – To all the search engine versions of Webmaster Tools that you use and load the new sitemap with HTTPS to them.
• Update your disavow file – Most of the people forget this step. If you had negative SEO and you have removed backlinks by submitting a disavow file then don’t forget to resubmit the list again.
• Update all URLs – It is always best practice to use relative URLS. There will always be times when someone has hard coded the site. So always check all the links during http to https migration. For e.g. – one of the URLs is – http://www.xyz.com then compare it to https URL i.e. https://www.xyz.com. The only difference between the URL is “s” after http. But it can make a lot of difference. So what you have to do is, create copies of all your sites page and then redirect all the “http” pages to “https” pages.
• Update your images and other links – It’s not only the links to pages that you should look upon but also other links, like links to images, style sheets, scripts, final URLs of your paid campaign, social media links to your site, email marketing software and all other external links to https version.
• Make sure to update URL in Google Analytics Platform – For this you need to login to your analytics account. Then click on Admins tab and then go to settings and select the https version. This way you don’t lose any history.
• Monitor everything during migration – Double check everything from links to sitemaps because there are so many places where things can go wrong. Also, you won’t see any change or small bump in seo ranking. But if there is drop in traffic for more than 2-3 days then there might be some issue. Start with checking the SSL certificate.
Advantages of switching to https –
• Increase in rankings – It’s obvious as it has been stated by Google that https sites is most likely to get a ranking boost which will increase over time.
• Referrer data – When traffic passes from http to an https site, the secure referral information is preserved unlike what happens when it passes through an http site.
• Security and privacy – It prevents tampering from third parties
• Trust and credibility – SSL adds credibility and trust and is commonly called as “SSL Trust”. It’s important for your visitors to know that your site is secure and that the information will be protected.
Disadvantages –
• You may come across duplication issue due to both http and https version of the site.
• Preventing Google to crawl https version of the site.
• Though people think that https is the secured protocol, but you may still be vulnerable to one or more of the following:
Downgrade attacks
SSL/TLS vulnerabilities
Hacks of a website, server or network
Software vulnerabilities
Brute force attacks
DDOS attacks
Most common problem with https migration is due to redirects which is not implemented correctly.
Key Takeaways
You must have understood after reading the blog that there is lot that goes with http to https migration, and the above blog can be very helpful while making the switch. It’s always better to have a secure connections for browsers and stay safe. The only problem I recognize is from poor planning, poor implementation or poor tracking. And therefore, I would recommend you to do a thorough study of entire blog before switching from http to https.
#Refer
- Search Engine Land
Annu Singh
Annu is B.E Information Science and is currently a search specialist at Megistron Media. She specializes in campaign audits & management, execution and creating solutions for global clients.