Back towards the beginning of 2017, Google started to show warnings for sites that weren't encrypted online. These websites were labelled by Google as "not secure," which meant that companies had to act fast, or risk people refusing to come to their site to make purchases. In January 2018, this strategy for labelling unsecured sites was upgraded, to the point where any site without an HTTPS address now has a "not secure" ranking.
Although people trust the internet today a lot more than they once did, there's still a lot of anxiety around the information that can be found and stolen online. If you want your customers to trust you and your store, then now could be the time to consider migrating from HTTP to HTTPS. Here are some things to consider as you make the move.
1. Make Sure You Choose the Right SSL Certificate
Obtaining an HTTPS URL means obtaining the right SSL certification. The certificate that's best for your website will depend on your circumstances. For instance, a simple SSL is likely to be more than enough for small sites that are just getting off the ground, and don't necessarily need a lot of security to keep data safe. On the other hand, if you need extended protection for your business and consumer data, then you might need to consider a more comprehensive security certification.
Whatever kind of SSL certificate you choose, make sure that you check the credentials of the company offering the certificate to make sure that it's legitimate. You'll also need a high level of security with the newest versions of the latest TLS libraries.
2. Choose Your Deployment Option
Once you have your SSL certificate, you'll need to decide how you're going to update your website. Usually, this means gathering a list of all your current URLs taken from your primary domain and sub-domains. With that list, you can begin to install your SSL on your server. You may need to use a crawler to ensure that you have got all of your URLs, as the last thing you want to do is miss something out and end up causing problems with your site.
When you're ready, check that your web server is prepared to support the HTTP HSTS solution and that it's enabled. This will tell your browser to request any pages on the site using HTTPS as standard, even when HTTP is entered into the browser instead. If you're nervous about deploying your changes, you can add them to a development environment for your website to check that everything works as it should before altering your actual site.
3. Think About Boosting your Speed at the Same Time
While you're in the midst of updating your site with HTTPS, it might be a good time to think about upgrading your web presence with HTTP/2. This solution only works when you have HTTPS installed, and as the latest update in the Hypertext transfer protocol, it helps to improve the performance and speed of your website.
Remember, when customers are deciding whether to buy from your company, and search engines are choosing where to rank you on the result pages, they look at more than just security. Speed plays a big part in how well your site is perceived.
4. Use your CMS to Change Your URLs to HTTPS
Once you're ready, you'll need to decide how you're going to change your URLs to HTTPS. Usually, your CMS will be able to help with this. Some CMS solutions allow you to use search and replace in your database, while others will ask you to use an SSL plug-in. Make sure that all of your canonical URLs also lead to your new HTTPs locations.
You may need to spend some extra time finding subdomains and making sure that they're served with the HTTPS too. If you link out to unsecure sub-domains from your website, then you still won't have the level of safety you need to keep Google and your customers happy. If you use any plugins, make sure that they're secure.
5. Avoid any Potential Problems
There are a few common issues that can happen during an HTTPS migration. For instance, you might accidentally block Google from crawling your HTTPs URLs, so it's important to check this on your robots.txt pages. You'll also need to ensure that you're not creating any duplicate content because the permanent redirects from your HTTP to HTTPs pages aren't working properly.
If you're careful to replace all your HTTP URLs with HTTPS alternatives following the right instructions, you shouldn't have any problems.