May 22 2018
Does hearing about HTTPS, encryption and SSL certificates make your head spin? We get it.
The security of your website and protecting your users’ personal information can be a sensitive and intimidating topic, but we’re here to make sense of it all and what it means with Google’s HTTPS deadline just weeks away.
Back in February, Google announced that beginning on July 24th, 2018, their Chrome internet browser will warn users if a site is not HTTPS. Doing so will help users browse the web more safely while also protecting their data.
So, what is HTTPS?
If you have shopped on Amazon or logged into your bank’s website, then you have seen HTTPS. Across browsers, like Chrome and Firefox, it’s the green lock icon in the address bar. HTTPS is the Secure version of the standard HTTP (hypertext transfer protocol) and is what the “S” stands for.
In a HTTP connection, your internet browser looks up the IP address that corresponds to the website that you want to visit, connects to that IP and assumes that it’s found the correct web server. The problem is that data sent over the connection can be captured by eavesdroppers. For this reason, sensitive data like your credit card information and password should never be sent over a HTTP connection as it can be stolen.
On the other hand, in a HTTPS connection, the connection is encrypted, and no one can eavesdrop on your information. When you connect to a website with HTTPS, your internet browser checks the website’s SSL certificate and verifies whether it’s legitimate and has found the correct web server.
According to Google, since it began advocating for websites to switch to HTTPS through its Chrome internet browser, 81 of the top 100 sites on the Internet are now HTTPS.
When should I switch to HTTPS?
Google has set a deadline of July 2018 for when its Chrome browser will warn users that a site is Not secure because it is not HTTPS.
Since more than 50 percent of users worldwide use Chrome (according to StatCounter) the warning that your site is not secure may cause your visitors and potential leads to leave.
Google has also confirmed previously that HTTPS is a ranking factor, so not being HTTPS, particularly when the deadline rolls around, could cause your site to drop in search engine results below your competitors who may be HTTPS.
How do I make the switch to secure?
Making the switch to HTTPS is relatively straightforward. Below we have outlined best practices for a smooth and successful migration to HTTPS.
- Host with a dedicated IP address—The first step is to make sure that you are hosting with a dedicated IP address, which may be included when you buy your SSL certificate.
- Buy an SSL certificate—Once you have ensured that you have a dedicated IP address, you can purchase your SSL certificate, which you can do through the company that hosts your website.
- Request the SSL certificate—Next, you will need to request the SSL certificate and verify that you control the domain name that you want to install the certificate on.
- Install the SSL certificate—Download the certificate and install it onto the server, which can usually be done through your control panel.
- Update your site to enable HTTPS—Finally, update any links on your website that are HTTP to HTTPS, verify site ownership of the HTTPS version of your site in Google Search Console and Bing Webmaster Tools, and create and submit a new XML sitemap.
After these steps have been completed, congratulations! Your site is now HTTPS. However, you will want to keep an eye out for any bugs and fix immediately. You will also want to closely monitor your site’s rankings and traffic to make sure the HTTPS version of your site is being crawled and indexed correctly by the search engines.
If you need help with making the switch or if you have questions about the checklist above, contact us. As a client of TopSpot’s, we can assist you with the SSL installation process and making your site secure.