Blog

Safety Access and Password Protection Icon.

Why You Should Know the Difference Between HTTP and HTTPS

Whether or not you are concerned about making your website more secure, switching to an HTTPS security-encrypted web platform is still a good idea. Why, you ask? Because having that extra level of security for your browser and site visitors will increase your Google ranking. This is actually old news, and was announced on the Google Webmaster Central Blog back in August 2014, but bears repeating. But, those domain owners and webmasters without the “obvious” need for an SSL or Secure Socket Layer (now also knowns as Transport Layer Security, or TLS), such as with an ecommerce site, shopping cart page, or page where payment card information is handled haven’t felt the need to purchase the SSL security for their sites. Well, anyone with a domain that expects to rank well on today’s Web may want to rethink the overall importance of featuring HTTPS encryption, if they are handling or transferring any “sensitive or personally-identifiable information” at all.

HTTPS

The Argument for HTTPS

Since security is a stated top priority for Google, sites that feature HTTPS pages are receiving stronger rankings ipso facto, following the standards Google uses for their own proprietary sites. Google has said, in effect, “Those who make security encryption of web page data a top priority will rank on a scale closer to that of highly-authoritative sites, or those with lots of inbound linking.” That is the cumulative “present tense” effect since their August 2014 announcement when they referred to their HTTPS ranking as a “very lightweight signal…and carrying less weight than other signals such as high-quality content”. But, they added, “while we give webmasters time to switch to HTTPS,” implying that the ranking of HTTPS-encrypted websites will begin ranking on par with authoritative, well-linked-to websites in the future, i.e., right now.

How to Switch to HTTPS

This run-down on how to make the switchover from HTTP to HTTPS is for all of those who are familiar with how to do back-end work on a website. Others can forward these steps to their webmasters or programmers, if they are unfamiliar with or need a refresher on how to make the HTTPS/TLS switch.

  • Purchase an SSL certificate and a dedicated IP address from your hosting company.
  • Install and configure the SSL certificate.
  • Perform a full back-up of your site in case you need to revert back.
  • Configure any hard internal links within your website, from HTTP to HTTPS.
  • Update any code libraries, such as JavaScript, Ajax and any third-party plugins.
  • Redirect any external links you control to HTTPS, such as directory listings.
  • Update htaccess applications, such as Apache Web Server, LiteSpeed, NGinx Config and your internet services manager function (such as Windows Web Server), to redirect HTTP traffic to HTTPS.
  • If you are using a content delivery network (CDN), update your CDN’s SSL settings.
  • Implement 301 redirects on a page-by-page basis.
  • Update any links you use in marketing automation tools, such as email links.
  • Update any landing pages and paid search links.
  • Set up an HTTPS site in Google Search Console and Google Analytics.

Here are some Google tips on making TLS adoption a smoother process, and how to avoid making common mistakes:

  • Decide the kind of certificate you need: single, multi-domain, or wildcard certificate
  • Use 2048-bit key certificates
  • Use relative URLs for resources that reside on the same secure domain
  • Use protocol-relative URLs for all other domains
  • Check out our Site move article for more guidelines on how to change your website’s address
  • Don’t block your HTTPS site from crawling using robots.txt
  • Allow indexing of your pages by search engines where possible. Avoid the noindex robots meta tag.

For Further Help with the HTTPS Switch

If you need further advice on how to make your site into an HTTPS-encrypted one, {company} is a proven leader in providing computer networking and IT consulting {city}. Contact one of our IT experts at {phone} or send us an email at {email} today, and we can help you with all of your HTTPS/TLS adoption questions or needs.

Share

Steve West

Ntegra IT is devoted to providing reliable Computer Support to businesses that want to improve productivity and profitability. We deliver custom designed Network Services that better map to your business, so you can stop worrying about your technology and get back to achieving your business goals.