Google has recently announced that starting July this year, Chrome will be marking HTTP sites as not secure. This move will make them be in line with Firefox which implemented the same in 2017. This also means that 71% of all the web users using any browser will be greeted with a warning message as they try to access any HTTP site.
Google has always maintained that security is its top priority. This is evident by the fact that in 2014, they had announced that HTTPS is officially a ranking factor. Every website which stores user data, in truth, shouldn’t need brownie points to prioritize security over convenience.
Switching to HTTPS is a move worth considering for all the benefits that it provides. Below mentioned is the guide for you to help you move your site to HTTPS.
1. Procure a security certificate
Use encrypt services and open an SSL certificate authority in order to procure a security certificate.
2. Fix mixed content issues
Mixed content is when your site’s initial page has a secure HTTPS connection, but other resources including scripts, etc. have an insecure HTTPS connection. If this issue is unresolved, then it could snowball into a huge issue. This is because HTTPS resources tend to weaken your site’s overall page security, making it even more vulnerable to hacking.
Your effort in updating internal resources to https should be simple and straightforward. The same can also be easily done with a replaced database query. Alternatively, you can also request the https version called on a page of any resource. On the other hand, CDNs, plugins and any other external resources will have to be configured to be tested manually in order to make sure that they function properly.
You will have three options in case there are any issues with the external-controlled references - host the content on your site directly, include the resource from a different host, or exclude the host altogether.
3. Update redirects on external links
Any SEO agency will prioritize updating redirects on external links, but it sometimes gets missed. If you fail to do this, then it will cause every link acquired by your domain to chain. In such a case, there will be the redirect jump to new structure from the old even before moving from http to https using a second redirect.
As an SEO agency, you are required to take every necessary step within a proper sequence of redirects in order to allow Googlebot to pass all the ranking signals from one url to another. In case if you are facing issues with the redirect chains, you can lose a huge amount of visibility. So, make sure you audit your backlinks to make sure that you have all the points to a live page within a single redirect page.
In order to do this, ensure that you have all your backlink data. In simple words, do not rely on any single tool; keep a mix of ahrefs, Majestic and Google Search Console data. Next up, you can run all the referred pages through Screaming Fox in order to audit and ensure that your pages are able to load.
4. Enable HTTPS with redirects
Forcing https with redirects depends upon your set up. Various CMSs such as WordPress will assist you with this within the admin panel. If this is not feasible, then you may need to update your .htaccess within a rule redirect. One of the issues that you may be faced with is the separate rule for forcing https in a similar fashion as www. So, ensure that you update any rule redirects in order to point to https as your main destination to avoid such issues.
5. Enable OCPS
Within the CRL, your browsers have to check for any issues within the servers and its SSL certificate. However, this would mean downloading the entire list as well as comparing - which is time consuming and inefficient from a bandwidth point of view. Using the OCSP will help you overcome this challenge.
6. Update canonical tags, HREF lang and XML sitemaps
There is no need to explain these points. But, to reiterate, make sure your canonical tags, XML sitemaps, sitemap references and href lang within the robots.txt are properly updated for proper migration to https.
Finally, you will have to go through as well as update any references to your website on any social media channel, apps, as well as email providers in order to ensure that your users do not get redirected unnecessarily.
It goes without saying that your migration should be done with a test environment to start with to make sure that you spot any bugs to be resolved within the allocated time. So, follow these steps to reap rewards with a better secure site, better user trust as well as a better ranking signal to boot.