Most of the internet functions on the basis of what’s called the Hypertext Transfer Protocol (HTTP). This is what enables us to click on a link, and be sent to a different web page, rather than having to type in the address manually. HTTPS, an updated version of this protocol, helps protect sensitive information that’s transmitted over the internet (the “S” stands for “secure”).
This is accomplished with SSL certificates. SSL stands for Secure Sockets Layer. It is basically the technology that keeps your internet connection secure and protects data online. A site with an SSL certificate will appear with “HTTPS” at the beginning of the URL, rather than “HTTP”. This is especially important for sensitive information like credit card numbers, passwords, or other Personally Identifying Information (PII). SSL prevents malicious users from accessing or modifying any information transferred between your website and your users.
Recognizing the significance of SSL certificates in keeping website users safe, Google announced HTTPS as a ranking signal in 2014. So, in addition to being safer for your customers, websites with HTTPS also rank better in search results.
If your website is already serving on HTTPS, you can test its security level and configuration with this Qualys Lab tool. If your website does not yet utilize HTTPS, we strongly recommend making the switch. However, there are some very important things to keep in mind when adding an SSL certificate and migrating to HTTPS. Failing to consider these items can be very damaging to the performance of your website in search engines.
If you want to botch your HTTPS transition simply ignore these 5 key items:
- Appropriate Redirects: Make sure that all of your HTTP URLs appropriately redirect to the new HTTPS version of the site. If both versions are available this can cause a duplicate content issue.
- Canonical Tags: Canonical tags show search engines the preferred version of your website. Sometimes websites get migrated to HTTPS but the canonical tags still point to HTTP pages. Search engine will find the HTTPS version, then be pointed to an HTTP version, which then redirects back to the HTTPS version. This kind of digital tennis can damage your rankings.
- Update Internal links: If your internal links and navigation links are pointing to the non-secure version of your URLs this will create a bit of a redirect chain. Ideally, every link will point to the final destination of the desired page.
- Add HTTPS Site To Search Console: Be sure to include a new instance of search console for the HTTPS version of your website to gather accurate data about your site and indexation.
- Update Sitemap: Like the canonical issue noted above, Sitemaps are often forgotten or slip through the cracks when moving to HTTPS. It’s important to make sure the URLs in your active sitemap.xml file are all updated to the HTTPS version so Google isn’t wasting its time on URLs that don’t exist or that redirect.
You should also be aware that hosting only part of your website over HTTPS and leaving portions of it as unencrypted HTTP will leave your site vulnerable to certain cyber attacks. If you want your users’ data to be secure, don’t leave the hackers any backdoors this way.
After making the jump to HTTPS you might not see wild improvements in rankings or conversions on your website right away (though it can happen). However, If you successfully transition to HTTPS you should see noticeable positive results over time. Most importantly, your customers will thank you because their data will be safer.