Why and How to Secure your Website with the HTTPS Protocol
Google announced that they would be making a change to how their Chrome web browser would view sites not using the HTTPS protocol last year. At the time it might not have seemed very significant, however, if your business values search rankings and indexing then it is quite important. As a top web development company, we wanted to explain why and how to secure your website with the HTTPS protocol to ensure your business and its reputation is protected.
What is HTTPS?
HTTP stands for hypertext transfer protocol and it is the foundation of data communication on the internet. While HTTP is the original version, a more secure version has been created called hypertext transfer protocol secure (HTTPS) which keeps data sent between your web browser and the target website safe and secure via encryption.
Last year Google implemented a change in the Chrome browser where any website using the standard HTTP that collects passwords or credit card information was marked as “Not secure” in the browser bar before the web address. By now most everyone has run across that message a time or two. This change was also implemented in the Firefox web browser the previous year.
Why is using HTTPS Important?
There are quite a few reasons why using HTTPS is important:
- Security – Using HTTPS keeps sensitive data transferring between a browser and website encrypted which helps protect customers. Anyone using Google or Chrome is a customer for Google and they want to do everything they can to make those customers happy. In this case, adding a warning when security is not present alerts their customers about a potential problem.
- SEO – HTTPS is a ranking signal, although currently, it is a lightly weighted one. However, that could easily change in the future. Google is also starting to index HTTPS pages first. Using HTTPS also provides access to HTTP/2, which can affect your website speed in a positive way. Both speed and site performance are directly related to user preference and satisfaction which are ranking signals for Google and other search engines.
- Usability – There are some elements, tools, and embedded code which will not work when navigating between HTTP and HTTPS. That means if your site is using HTTP and it interacts with another site using HTTPS there can be issues.
- Credibility – Security online has always been a concern to consumers and that can directly relate to a business’s credibility. Using things like a Norton Secured badge on a site or a VeriSign Secured emblem can instill trust with customers. HTTPS does the same while displaying “Not Secure” next to your HTTP web address does not. Statistics have shown that people are much more likely to abandon a transaction if they feel their data is at risk due to an unsafe or unsecured connection. That could lead customers to abandon your site in favor of a more secure one such as your competition.
How to implement the HTTPS Protocol
These are the important steps to follow for migration to HTTPS:
- Obtain and install a security certificate on the server.
- Update any and all references and resources to prevent mixed content issues. In some cases, images and scripts may be loaded from an insecure HTTP connection even if your page loads over a secure connection. This can make the page more vulnerable to hacking. XML sitemaps, sitemap references in robots.txt, HREF LANG, and canonical tags should also be updated to point to HTTPS.
- Update all redirects on external links otherwise, it can create unnecessary redirects going from old to new and then from HTTP to HTTPS. Web crawling software such as Screaming Frog can help as well as Google Search Console.
- Update rule redirects to point to HTTPS as the destination rather than www. first then HTTPS.
- Enable HTTP Strict Transport Security (HSTS) which will force all requests for resources to load through HTTPS and protects the system from downgrade attacks.
- Enable Online certificate status protocol (OCSP) which will improve upon the certificate revocation list process.
- Add Hypertext transfer protocol 2 (HTTP/2) which is a set of rules for how messages travel between servers and browsers. This will provide a performance boost as multiple requests can be processed at the same time which increases load times.
- Create a new HTTPS profile on Google Search Console so that it will reflect your live site. A disavow file should be uploaded as well to protect the new subdomain.
- Update all default web address references on all accounts. That means on your website, business cards, stationery, social media accounts, apps, and email providers so that users get directly to the site without going through unnecessary redirects.
Ideally, this should all be done in a test environment first so that bugs or problems can be resolved.
The Bottom Line
The bottom line is that security is critical for any business that operates online and wishes to exchange data or obtain information from customers. Understanding why and how to secure your website with the HTTPS protocol means your business takes its customers security seriously because even if your site does not transfer any data, you are now at least aware of why sites are doing this and how it could negatively impact rankings, indexing, and credibility if you choose not to make use of this additional layer of security.
Be sure to check back every week for great new Lounge Lizard blog articles.