— March 21, 2018
Come July 2018 Chrome will be marking HTTP (Hypertext transfer protocol) sites as ‘not secure’ according to the announcement made by Google at the beginning of the year. This is a move that Firefox already executed in 2017, and it has not worked well with small business owners who still use HTTP. Luckily for many, the percentage of those using Firefox is low.
Over 50% of web users use Chrome as their primary browser. From July all these will be greeted with caution whenever they try to access HTTP sites. This will not work in favor of more than 50% of websites that have not switched to HTTPS (hypertext transfer protocol secure).
HTTPS was officially included as a search engine optimization (SEO) tool in 2014. The fact that Google took time to announce this means it is a big deal outrightly. Google never reveals ranking factors to avoid fraudulent people playing with the system.
Any website that takes personal data from the users and truly cares should take security seriously. It is clear that the benefits are way mo156o\re than the drawbacks. If you are yet to make the switch to HTTPS, you have a few months to do so. Here is a comprehensive step by step guide to help you cross the pond.
Security Acquisition and Server Installation
This is where the journey begins. Security acquisition and server installation depend on your hosting and the settings on your server. What you will need is a security certificate which will afterward be installed on your server. There are reliable, free and open certificate authorities that can help you out with this.
Update Every Reference
If you fail to update all the references, there will be mixed content problems whereby the initial content on your site will load on HTTPS while the additional resources like images loading on the insecure HTTP.
This is not a small issue and must be resolved. If you don’t do this, the issue can jeopardize the security of the entire page making it endangered to hacking activities.
The process is a straightforward one. You can do reference updates to a query where you find and replace or use a directive which will enable the browser to request the HTTPS version to make the required updates.
The other resources like plugins must be manually tested to ensure they are safely functioning.
The Redirects on External Links Must Be Updated
A competent SEO firm knows that this tops the list. It is unfortunate that many miss out on this. If redirects are not done, every link obtained by the domain will result in chaining. If it happens then, the redirects will be jumping from the old formation to new before jumping to HTTP to HTTPS.
Your ranking will be affected because the bots will fail to send all the signals used for ranking content because of the unnecessary steps within a sequence of redirects.
There are big domains in the world that have lost their visibility because of this unnecessary redirects that end up causing the bots miss on their function.
If by now you have not channeled your backlinks towards a live page within one redirect then here is a secret to propelling your site for better performance.
The first step is taking all data concerning your backlinks. Next, you will run the referred pages through a website crawler to check the page. Depending on what the crawler tells you, you can take the right action.
If you see 4xx, you will direct them to the secure version of the relevant page. On the other hand, if you see one that goes through plenty of steps before settling on a page, you will need to point them to the right destination page that is secure.
Ultimately, the working ones will be handled by the redirects of HTTP to HTTPS and do not require any action from you.
Compel HTTPS with Redirects
This one also depends on your setup and hosting. WordPress, for instance, will handle this through the admin panel automatically. If your setup is different and you are not getting any help, you will need to update the main configuration files with a rule redirect which will be well documented.
The problem that is commonly occurring with rule redirection is different commands for compelling HTTPS as for compelling www. The result will be chaining which will cause HTTPS to be forced to the second step after www. is added to the URL.
Rule redirects need to be pointed towards HTTPS as their landing place to prevent this problem.
Activate HSTS to Avoid Hacking
HSTS is an acronym that stands for
H – HTTP
S – Strict
S – Security
It is a directive by the web server that compels all requests for information to be loaded via HTTPS. Using HTTPS redirection only leaves a loophole for hackers to penetrate to your site and cause trouble. They can still forcefully load your site via the insecure version. When the HSTS is enabled, this loophole can be sealed leaving the ‘bad people’ no other option.
A valid SSL certification is compulsory in this case and should meet the requirement of all subdomains. This will then need you to add code to your configuration files.
Activate OCSP to Eliminate Inefficiencies Give You a Grace Period in Case of Expiry
OCSP stands for
O – Online
C – Certificate
S – Status
P – Protocol
It is an improvement on the CRL which stands for C – certificate R – revocation L – a list which had to be checked for the security certificate status. With CRL you had to download a list to compare which brought out inefficiency and inaccuracy issues.
OCSP eliminates inefficiencies and inaccuracies by querying the certificate with the problem alone. Another important thing is the OCSP allows you time to acquire another certificate in case of expiry.
Add on HTTP/2 to Increase the Performance
Hypertext transfer protocol is a set of commands that the web uses to format or submit among servers and browsers. HTTP/2 increases the performance of these activities such that you can load multiple pages at a go.
HTTP/2 is estimated to have 50 to 70 percent better loading times than HTTP/1.1.
XML Sitemaps, HREFLANG, Canonical Tags, XML should be Updated in robots.txt
This is one of the points that should have been covered right at the second stage of updating every reference. Since it greatly affects your SEO, we will discuss it to make it clear.
Making these updates is crucial. If you fail to do it, the Googlebot will fail to send the necessary signals to the sites you want to be seen. Instead, they will be dealing with double requests leading to their focus diverting to the wrong pages.
Add Hypertext Transfer Protocol Security to Google Search Console (GSC)
Besides adding HTTP to GSC, you should also make sure the disavow file and URL settings are up to date. GSC is a free tool that every website owner should be taking advantage of. It works at the subdomain level and yet many ignore it.
Failure to create a new account to reflect your shifting to HTTPS will on the other hand not reflect the live status of the GSC account. Your site will also be unsafe because of this.
The problem will aggravate in cases where your site has in the past had toxic backlink issues which needed a disavow file.
If your site gives the Google bots a hard time to crawl it is necessary that you add HTTPS to your GSC account and make the settings required to get rid of the inefficiencies. Take this seriously – create a GSC account and make the updates to the information appropriately.
Make Updates to Your Social Media Accounts, Email Providers, and Google Accounts
You want your users on social media platforms, email providers, and apps to get redirected to your new HTTPS site without going through unnecessary redirects. If this happens many looks for other options.
Even as you do this migration go about it with an open mind and patience. Allow any potential trouble to be resolved in a test phase first. This will make sure that your audience gets the best experience using your new HTTPS site.
Sites that have successfully migrated to HTTPS had to follow a specific method. This systematic approach ensures that every potential risk is put to the test and then resolved appropriately.
Migrating to HTTPS before July 2018 will not only secure your site – your SEO will be positively affected as you will rank higher in the Google search. Evidently HTTPS offers security to your site and therefore is highly preferred by Google and ranks HTTPS sites better than HTTP unsecure sites.
For you to successfully benefit from the migration follow every detail of this guide from top to bottom. If you do this, rest assured your website will be secure, your users will trust you and your ranking can get better.