Google Wants you to Migrate to HTTPS: The Benefits of SSL Encryption
Probably, if you haven’t migrated already to an https url, you’d have received an email from Google or your host company to migrate to HTTPs.
An integral part of Google’s mission to make the web a safer and better place, migrating to https is like awaking to the reality of a big city and locking doors to keep safe instead of sleeping peacefully in a crime free town.
In https, the s itself signifies the purpose as it stands for secure, meaning that the site has been installed with a ‘secure sockets layer’ (SSL). It prevents unauthorized parties from listening or observing the conversations going back and forth between the website and the user by encrypting them entirely. It ensures the communications reach the intended end user by providing authentication and hence prevents corruption of data.
Initially, it was believed that encryption was needed only when your webpage asked for sensitive information like credit card or financial details or social security numbers from users, but now, it is slowly becoming a need for all pages and sites.
It is often possible that through a legitimate-looking email, you clicked into a page that looks credible but is fraudulent. A non-secure conversation can be hacked into by cyber criminals who may provide a modified version of the website to the visitors and lure them into fake transaction which you didn’t create.
While high traffic websites with more traffic are at a greater risk, criminals may hijack smaller sites too for extracting sensitive information since it is often easier, specially is the site is not secured. Hence, Google is pushing you to migrate to https.
The consequences of staying with http:
Without SSL, your site will still function, but leaving it unsecured may bring a bigger issue later:
- Even if the user isn’t using a browser that will give a not secure warning for your website, when all other sites have migrated to https, yours will come across as highly insecure. Also, it will be more vulnerable to predator attacks as they will be on the lookout for unencrypted websites.
- Google is likely to rank down your website in the search algorithm to penalize you for not using a secure connection. Also, for users using Chrome, the form field may be flagged as not secure, deterring users from sharing information.
Google has been encouraging https migration for a while
It is not a very recent development as Google has been down-ranking unencrypted websites since 2014, though very slightly. Over 50% of pages viewed by desktop users are encrypted according to the data in the Google Transparency Report. Hence, it is clear that the search rank penalty by Google for weakly encrypted or unencrypted website has a significant role to play with deterring traffic from reaching your website.
Since October 2017 the penalties have become aggressive and hence it is best to migrate if you have not already. You too might have encountered warnings like ‘your connection is not private, or ‘hackers might be trying to steal your information’ pushing you to click the back to safety option when trying to open unsecured websites. You do not want users to encounter the same for your website.
To migrate to HTTPs, you will first need to obtain a SSL certificate.
How to get a SSL certificate?
Except if you credit card or financial transactions involved, a basic level certificate will cover your needs. Almost all hosting companies offer SSL certificates and hence you can enquire with them for the simplest solution. While there are also SSL certificate options available at no cost, hosting companies may not make it possible for you to use them. Dreamhost is one company which lets you use Let’s Encrypt, a free and one click operation for securing your website. With other hosts, you may have to check for what they have on offer.
How to change the website from http to https
With your SSL certificate purchased and installed, you will next have to reconfigure your website to use the renewed address.
Changes that need to be considered attentively are:
- The site’s base url needs to be changed in your settings
- To force the site to use https, you need to change the config file
- Any urls beginning with http: used in your site structure need to be changed, including videos, images, js, css, webfonts etc.
- Any unnecessary redirect chains in your htaccess file needs to be removed
- Issues with canonical urls need to be checked for
- Any internal links including http need to be changed
- The new url needs to be registered with Google Search Console and you must check if it reconnects with Google Analytics
- For re-indexing, the site with its new url must be submitted to Google
Once you’ve handled this, you should monitor the website for any breakdowns for some time. There may be images or multimedia with HTTP in their path, making the page they appear on display as insecure. Search ‘site.[yourDomain].com’ on Google and check if the pages Google is indexing on your site are found as https URLs. When using the Search Console to fetch to Google, your most important pages as considered by Google will be re-indexed instantly while others may take time to be re-indexed completely.
If you do all the above actions right, your main benefits will be:
- Creating a sense of security and trustworthiness for your visitors
- Improved rankings and results in Google search
- A slightly better site speed
If you are tech savvy and have designed and developed your website yourself, you’d find it simple to migrate yourself, or you can hire a developer to do the required for you. A secure platform is definitely a plus not just for better customer loyalty and trustworthiness, but also to up your own traffic with the increased rankings.
May 13, 2018