SEO Benefits of Securing Your Website
Making the switch to HTTPS
A few years ago, Google officially announced that switching over to HTTPS will give your website a bit of a ranking boost. In April 2017, Google took additional steps by announcing that Chrome now marks HTTP pages as “Not Secure” if they have password or credit card fields, and when users enter data on a page.
For all intents and purposes, this will be the death of non-secure HTTP pages on the web, or at least for websites that want to compete in the search rankings. You may remember back in April 2015, Google released a new mobile-friendly ranking algorithm that was designed to give a boost to mobile-friendly pages in Google’s mobile search results. These too were originally labelled with “mobile friendly” in the search results.
As soon as Google implements a feature where websites that meet a certain standard get labelled as such, all other websites are essentially pressured into getting their act together. In that case it was mobile responsive websites. And sure enough, eventually enough websites made the jump to responsive web design that Google removed the “mobile friendly” tag in the search results.
Now we are seeing the same thing with security of websites in the search results. Website owners are again “pressured” into making changes to their websites in order to please Google.
What is HTTP? What is HTTPS?
As you browse the web, you’ve probably seen a padlock or similar indication in your browser’s address bar. This padlock means the website has taken steps to secure the connection. Secure websites use “https://” at the beginning of their address rather than “http://”.
HTTPS (Hypertext Transfer Protocol Secure) is an internet communication protocol, that signals the browser to use an added encryption layer for data between the user’s computer and the website. Users expect a secure and private online experience when using a website. When you adopt HTTPS you will protect your users’ connection to your website, regardless of the content on the site.
There are several steps that need to happen for this to work:
- 1. When you want to visit a website, in particular a secure website, your browser will request the secure pages you need.
- 2. The web server will then send a public key containing its certificate.
- 3. Your browser will then check this certificate to make sure it is issued by a trusted party, and that it is still valid.
- 4. Your browser then uses tho public key for encrypting the requested page (or URL) into a random symmetric encryption key.
- 5. The web server then decrypts the symmetric encryption key using its own private key.
- 6. The web server sends back the requested web page (on URL) with data encrypted with the symmetric key.
- 7. Your browser then decrypts the data and displays the information.
The Security Certificate
As a business owner with a website, the main thing you need to understand is the certificate part. A security certificate is needed to make your website secure. It contains information about the owner of the certificate such as your e-mail address, your name, certificate usage, duration of validity, resource location or Distinguished Name (website or e-mail address) and the certificate ID of the person who certifies all of this information. It contains also the public key and additional steps to ensure that the certificate has not been tampered with. A certificate is insecure until it is signed.
You’ll need to purchase your SSL certificate through one of many possible vendors. We recommend GoDaddy simply because their certificates are well-priced and they offer customer support if needed.
I’ve Bought My SSL Certificate. Now What?
If you are converting your website over from a non-secure version, there are many steps to take to ensure you experience no downtime, your search rankings don’t suffer, and all of your pages are accessible to your users. Relentless can assist with this process to ensure your transition is as smooth as possible.
Steps we would typically take once you have purchased your SSL Certificate:
- 1. Crawl the current website to understand all of the pages on your website. This gives us a working list of all your content, blog posts, images, PDF’s and other assets.
- 2. Install your SSL Certificate on the server.
- 3. Update all references within the content of the website from http to https.
- 4. Update all references in templates being used.
- 5. Update all references in any plug-ins being used.
- 6. Change your CMS settings if needed, for example WordPress requires certain modifications.
- 7. Re-crawl the website to make sure there were no pages missed, no broken links, etc.
- 8. Update old redirects and fix redirect chains.
- 9. Update sitemaps to include the HTTPS versions of the pages.
- 10. Update the robots.txt file with the new site map.
- 11. Enable HSTS – this is a way to keep you from inadvertently switching AWAY from SSL once you’ve visited a site via HTTPS.
- 12. Enable Online Certificate Status Protocol.
- 13. Add the HTTPS version of your site to Google Search Console and Bing Webmaster Tools.
- 14. Final re-crawl to check for errors before going live.
- 15. Go live with SSL changes.
Currently about 45% of the top search results that come up in Google are of sites with HTTPS, not HTTP. It’s pretty clear where Google is headed and moving to a secure website is a pretty easy ranking factor to take advantage of. In addition to the SEO benefits of moving to HTTPS, it is also a far more secure system for your website to operate in, which benefits your site visitors and your business overall.
Please contact us if you would like us convert your website to HTTPS.
Posted on: 05/16/2017
Posted by: Craig Hauptman – President & Founder