Article by Guest Poster
This article was written by a guest contributor. The author's views below are entirely his or her own and may not reflect the views of WHSR.
I’m sure you don’t need me to tell you that if you want to have a high ranking website these days then you’ve got your work cut out.
Getting backlinks, optimizing pages, creating content, social media…it’s a wonder we have time to run our businesses these days.
But amongst these things there are a few other important tasks that which are also Google ranking factors.
We’re talking about things like speeding up your website, making it mobile friendly and making your website secure.
Just so you can see what I’m talking about, here are the relevant Google announcements on these:
Now when it comes to loadspeeds there are potentially dozens of factors that come into play but for most small business website just switching to SSD Hosting will usually be enough.
When it comes to mobile friendliness that usually means you’ll have to open your wallet and invest in a responsive website. In this case you could keep costs down by either going for a ready made template or even using a mobile website builder if cash is a real issue for you.
But when it comes to security the basic price of admission these days is to switch to secure HTTPS Hosting. That will involve buying an SSL Certificate.
So that’s what we’re going to cover in this post.
In this post I’ll explain:
Sounds like a plan? Great, let’s get started.
When you browse the internet and land on a website take a look at the browser bar to see the address of the website. Most websites will start with HTTP which stands for Hypertext Transfer Protocol.
That’s just a fancy way of describing the system that allows distributed systems to communicate with one another.
But sometimes you’ll notice a site that starts with HTTPS. The ‘S’ stands for ‘Secure’ and that shows that the link between your computer and the website is secure.
You may be more familiar with HTTPS by the padlock symbol that appears or the green browsing bar.
The way that HTTPS works is that it creates an encrypted connection between the website and the device you are browsing on. This prevents any data from being intercepted by hackers between the two machines.
This is especially important for websites that accept sensitive and confidential details such as payment card details or login passwords.
HTTPS used to be pretty much for Ecommerce sites to accept payments. It used to be just the payment areas but in recent years there has been a gradual switch to make the entire website secure.
This has been partly due to an increased awareness of the risks of not having a secure website but also because Google have clearly stated that having an HTTPS website is a ranking factor.
So the bottom line is that HTTPS is good for security, good for your online reputation and good for your Google ranking! What’s not to like?
So how do you make the switch to HTTPS? Well first you’ll need an SSL Certificate.
If you want to switch to SSL you’ll need to buy an SSL Certificate. Normally you can buy these direct from your hosting company.
The SSL Certificate is just a data file that binds an encrypted ‘key’ to your website to ensure that the connection is secure when someone browses your site.
The SSL Certificate activates the padlock or the green browser bar depending on the type of certificate used and ensures that the link is a secure HTTPS one.
When you buy an SSL Certificate you will notice that there are several types of SSL available and they have differing features and pricing.
Overall the way they work doesn’t change – you don’t get a more secure connection because you’re paying more.
Below is a quick overview of several types of SSL:
Microsoft Internet Explorer 7+, Opera 9.5+, Firefox 3+, Google Chrome, Apple Safari 3.2+ and iPhone Safari 3.0+ will identify ExtendedSSL Certificates as EV Certificates and activate the browser interface security enhancements.
So now that you understand the different types of SSL, let’s run through the steps to install it and switch from HTTP to HTTPS.
Before we do that it’s worth bringing to your attention that some of the steps are very straightforward whereas others require a degree of technical knowledge. Overall if you are not comfortable making these kinds of changes we would definitely recommend using the services of a web developer and using this guide as a checklist to make sure that things have been done to your satisfaction.
Also, depending on your level of technical expertise and the type of hosting you use you may be able to perform some or all of the below actions. For example, if you run a VPS or Dedicated Server you might not even need your hosting company to be involved as you can create the Certificate Signing Request and approve the SSL Certificate yourself (Step 1). If in doubt though, please check with your hosting company..
Most people will buy their SSL Certificate from their hosting company because they can assist with the installation.
To keep things simple we’ll assume that you get the equivalent of a domain SSL where there is no lengthy verification process. What will happen is that once you order the certificate you’ll be sent an automatic email to one of a set of pre-defined email addresses to prove that you are the owner of the domain.
Usually it will be something like webmaster@yourdomain.
You can decide to go with a Certificate that has www. or you can choose it without. It all boils down to personal preference. If you’re not sure just stick with www. before the domain.
One you receive your certificate code it will need to be installed on the server. Again, this is something that your hosting company will usually assist you with.
Whenever you’re making changes to your site it’s always best to run a backup. It’s just a belt and braces approach to make sure you have a backup available if you experience any issues.
Contact your hosting company about this but usually you can run a full backup via your hosting control panel like cPanel.
If you check your website’s internal links you will notice that they are all using HTTP. Obviously these need to be updated to HTTPS links. Now in a few steps we’ll show you a way to do this globally using a redirection technique.
However, it is best practice to update your internal links from HTTP to HTTPS.
If you’ve got a small website with just a few pages that shouldn’t take too long. However if you have hundreds of pages it would take ages so you’d be better off using a tool to automate this to save time.
Once you switch to HTTPS if you have external websites linking to you they will be pointing to the HTTP version. We’ll be setting up a redirection in a few steps time, but if there are any external websites where you control your profile then you can update the URL to point to the HTTPS version.
Good examples of these would be your social media profiles, GoogleMyBusiness and any directory listings where you have a profile page that’s under your control.
OK onto the techie bit and if you’re not confident with this type of thing then it’s definitely time to get some expert assistance. It’s pretty straightforward and doesn’t take much time at all in fact, but you just need to know what you’re doing.
With a 301 Redirect what you’re doing is telling Google that a particular page has been permanently moved to another address. In this case you’re going to tell Google that any HTTP pages on your site are now HTTPS so it redirects Google to the correct pages.
For most people who use Linux web hosting this will be done through the .htaccess file. If you have another type of web server just ask your hosting company and they will advise.
This is actually an optional step because not everyone uses a CDN. CDN stands for Content Delivery Network and it’s a geographically distributed set of servers that store copies of your web files and they present them to your visitors from a geographically close server to improve the speed that it loads for them.
As well as performance improvements, a CDN can also offer better security because it’s servers can monitor and identify malicious traffic and stop it reaching your website.
An example of a popular CDN is Cloudflare.
Either way, just ask your hosting company if you are using a CDN. If you aren’t fine, just move on to the next step.
If you are then you need to contact the CDN and ask them for instructions to update your SSL so that their CDN system recognises it.
Nowadays many businesses will use a range of additional tools such as email autoresponders and landing page generators as well as billing systems.
These all need to be checked through to update any links that point to HTTP content.
Likewise if you are using paid search you should double check the links for your landing pages.
Of course the 301 Redirect (Step 5 above) will cover this, but it is always best to double check and make these changes.
Last but not least you’ll need to update Google Search Console (aka Google Webmaster Tools) and Google Analytics.
With Google Analytics you’ll just need to switch the default URL to HTTPS and with Google Search Console it needs the HTTPS version and SiteMap to be submitted.
The direction of travel is clear when it comes to security.
HTTPS is the minimum standard required and Google is actively promoting this by making it one of their ranking factors.
In order to switch there is a step by step process you can follow. If you are not sure you’ll need some help from your hosting company and probably from a web developer. However, this is a one-off activity and once you’ve done it you’re set for the future.
About the author: Tony Messer
Author & co-founder of Pickaweb, UK web hosting provider. Having worked with thousands of small businesses, ecommerce retailers and startups, Tony is passionate about helping businesses achieve remarkable results. Connect with Tony on Pick A Web, Twitter @AntonyMesser, and Facebook /Tony Messer.