Congratulations! If you’ve landed here, you’re either switching or considering a switch from HTTP to HTTPS for your website. In my opinion, there are few things better you can do to potentially preserve the privacy of your web visitors data, and to indicate to users that their privacy matters to you, while showing Google and other search engines that you take the application of best practice very seriously.
Playing this video loads a YouTube embed in privacy-enhanced mode.
Read on to find out how the process of moving to HTTPS works, and why it will improve your website!
What does HTTPS mean?
HTTPS stands for Hypertext Transfer Protocol Secure. This is a secure alternative to HTTP connections, so your web address reads https://www.mydomain.ie instead of http://www.mydomain.ie. You can get a HTTPS connection in web browsers, by purchasing an SSL certificate. SSL, or Secure Sockets Layer, is an encryption-based Internet security protocol. SSL certificates are installed on your server and linked to your specific domain, this means data transmitted across the web is encrypted so if an attempt is made to intercept it, it will look like a random mix of characters almost impossible to decrypt.
But enough of the technical stuff, let’s explore why NOT having a HTTPS connection could be off-putting to web visitors.
How HTTP can drive visitors away from your website
As a more visual representation of the issues around continuing to use HTTP, let’s take a look at the screenshots below. These were taken on a MacBook in August 2021 across three major browsers, and as you can see, many people would find these browser messages off-putting when visiting your website, they might prefer not to submit web enquiries and may decide not to even continue navigating your site!
This could impact on your web ranking in an indirect way too, as visitors instead of staying on your website, indicating to Google that your web page was relevant to their search, instead they ‘bounce’ quickly from your website back to their search results to find a page that looks more secure.
Safari screenshot HTTP connection
As you can see, Safari web browser will put a ‘Not Secure’ alert right at the top of the address bar next to your domain.
Firefox screenshot HTTP connection
Chrome screenshot HTTP connection
Your connection to this site is not fully secure
This message typically appears when your page is serving a combination of secure AND insecure content. So for example, the images on your web page displaying this message, are being served from a HTTP location. To resolve this notification make sure that ALL content on the page including images are being served from the HTTPS location.
301 Apache redirect HTTP to HTTPS
Since Google treats HTTPS pages as new, how can we make sure you keep your existing good ranking with Google after moving the website to HTTPS?
This is achieved by the use of 301 redirects as a server side redirect method of loading in the new HTTPS version of the ‘old’ HTTP url. If you are lucky enough to be running a static website, you may be reliant on using a client side redirect instead, and yes, this means either a meta refresh redirect or (cringe!!!) a JavaScript redirect. While I’m cringing still needs must and there’s nothing wrong with using a JS redirect if it’s all that’s available to you, it will ultimately be treated as a 301 by Google.
Read more about redirects at https://developers.google.com/search/docs/advanced/crawling/301-redirects
Example code below that you would insert into your .htaccess file, to send every request for HTTP to it’s equivalent url under HTTPS. This is also known as a wildcard redirect. If you’re not a technical person reading this, skip to ‘Use your SEO to manage a HTTPS move’ as they will thankfully be managing this entire process for you!
<IfModule mod_rewrite.c>
RewriteEngine On
RewriteCond %{HTTPS} !=on
RewriteRule ^ https://%{HTTP_HOST}%{REQUEST_URI} [R=301,L]
</IfModule>This 301 redirect works if you have the mod_rewrite rule enabled on an Apache server
When you are making the move to HTTPS, try to keep the existing structure of your website and url’s the same where possible. This ensures every HTTP page has an equivalent HTTPS one at the same location.
Use your SEO to manage a HTTPS move
Search engine optimisers are SO important to manage big moves like this for your website. Imagine you switched and didn’t redirect any of your existing pages? Google would treat each webpage as if it was brand new, back to square one for you, or page 12.5! Valuable backlinks to your content from other websites would be going to the wrong location. Your SEO will also make sure you’ve updated your url across social media profiles to the new HTTPS version too which can help Google along in recognising your HTTPS website more quickly and returning it in search results instead of the old HTTP one.
You get a teeny little ranking boost to boot from Google as a reward, but the real reward is in keeping your customers data safe and private, and stopping browsers from displaying those off-putting security warnings to people.
Renew your SSL certificate
Now all you have to do is make sure you renew your SSL cert in a timely manner! Don’t let that invoice go and lapse because believe me the above warnings look like absolute compliments compared with what browsers are going to display to visitors who click on a HTTPS address to get to a website that hasn’t renewed their SSL cert.
Firefox full-screen browser message if your websites SSL cert is not renewed.
Eep! We definitely don’t want valuable web visitors hitting off-putting warnings when trying to get to your website!
HTTP v HTTPS – Make the leap
HTTPS protects your visitors connections to your website, it displays your website in the browser as ‘secure’, which gives your web visitors peace of mind that you are looking after their personal data. As you can see above, staying on that HTTP insecure connection is bad for your website, it may drive visitors away as browser warnings get more and more strict. Your HTTP web visitors data also isn’t fully protected from ‘man in the middle’ attacks, or the ability to intercept their submitted data while it’s in transit. With everything encrypted you satisfy for both user privacy and web browser expectations.
If you are still on a HTTP website that needs upgrading, contact me or your trusted local SEO wherever you are in the world, to manage the process for you!