Image via istockphoto
Eric Gockel

Written by Eric Gockel

Share

Update 7/27/18: Google launched Chrome 68 this week and will now indicate sites without encrypted connections as “Not Secure” in the browser’s URL bar.

Even if you aren’t serving up secure user information, HTTPS will help prevent hackers from manipulating communications between your web pages and users’ browsers.

A hacker can use any unprotected resource between your web pages and your users. This includes HTML, scripts, cookies, and images. These intrusions can happen anywhere along the network, from a compromised ISP, Wi-Fi hotspot, or the user’s machine.

Impact of HTTPS on SEO

Google has announced that HTTPS is a ranking factor in search results. However, for only a small factor for now, impacting fewer than 1% of queries and less critical than high-quality content.

You’re losing referrer data if your visitors are from an HTTPS website and your site is HTTP. Switch to HTTPS, and you won’t suffer from HTTPS referral loss.

HTTPS is just one of the many factors you should include on your rankings improvement checklist.

Understanding HTTPS

HTTPS is used for Hypertext Transfer Protocol (HTTP) communication, and the “S” stands for “secure.”

When you add HTTPS, your users will get three critical layers of security:

  • A guarantee that your users communicate with the website they intended, preventing “man-in-the-middle” attacks.
  • The exchanged data is encrypted. This ensures that calls between your users and your website won’t be intercepted and information is not stolen. Without it, someone running a Wi-Fi access point could see private information like credit cards used to purchase something online.
  • Data integrity will ensure that the data, like credit card numbers and browsing history, won’t be altered or damaged during transmission.

Checklist for Implementing HTTPS

Make sure you do these things as part of your switchover to HTTPS:

  1. Enable HTTPS for your website and purchase a 2048-bit key certificate, as recommended by Google. We purchase most of ours through RapidSSL or Namecheap, but there are many other vendors to choose from.
  2. Clean up any old redirects. If you have any redirects for non-www to www or vice versa, make sure those are updated to point to https www so save on excessive redirect chains.
  3. All rel=canonical tags in the <head> portion of your website page templates should point to their correct HTTPS URLs. Update any hreflang or rel=alternate tags too.
  4. If you have a content delivery network (CDN), make sure that it supports SSL. We’ve used MaxCDN for some of our clients, and it works well.
  5. Update all your internal links in your themes and templates. This means pointers to JavaScript, images, and CSS files.
  6. If you have anything being served over HTTP instead of HTTPS, you’ll get flagged with a mixed-content warning.
  7. Crawl your website using a tool like Moz to ensure all your pages return a status code of 200 and are coming through via HTTPS.
  8. Tell Google you’ve moved to HTTPS. Google sees an HTTPS migration as a site move with a URL change. Add the new HTTPS site to your Google Search Console.

Tags
HTTPSSEO