13 Nov HTTP to HTTPS: A Complete Guide to Securing Your Website
Installing an SSL certificate on your website is an easy way to improve your organic search engine optimization (SEO) and give your users (especially ones making online purchases, donations, logging in or filling out forms) peace of mind. An SSL (Secure Sockets Layer) certificate allows your website to encrypt information transmitted back and forth between visitors web browsers and your website. This means credit card numbers, login information and form details are transmitted securely instead of as plain text. We’ll give you the HTTPS complete guide to securing your website.
Here are some of the benefits to using HTTPS as explained in an #semrushchat recap:
Don’t worry, we explain it all below.
- How does this effect my website’s SEO?
- Wait, Google is warning people that browse my website using HTTP that is not secure?
- How do I check if my site is using HTTPS?
- What do I need to consider before installing an SSL certificate and switch to HTTPS?
- How do I install an SSL certificate on my web host?
- What do I do after I make the switch to HTTPS?
- What if I want help switching to SSL?
How does this effect my website’s SEO?
In 2014, Google announced that HTTPS is a ranking factor. Although there are debates about how much of an effect (if any) using HTTPS makes on your search engine rankings, it’s still a good idea since Google Chrome has been steadily increasing it’s warning to users browsing unsecure websites.
Wait, Google is warning people that browse my website using HTTP that is not secure?
Last year, the Google Chrome security team announced that Chrome 56 will mark HTTP sites that transmit passwords or credit cards as insecure. Since then they have been steadily increasing the “Not secure” warnings.
In September 2016, Google began letting companies know that increased warnings about websites using the HTTP protocol were coming. Despite this, Pure Oxygen estimated that 40% of the top 100 internet retailers were still using the HTTP protocol in August 2017.
In October 2017, Chrome started showing the “Not secure” warning in two additional situations: when users enter data on an HTTP page, and on all HTTP pages visited in Incognito mode.
Google has said they plan to roll out more obvious security warnings in the future.
How do I check if my site is using HTTPS?
The easiest way to tell if your website is using an SSL certificate and HTTPS is to use the latest version of Firefox or Chrome as your web browser and look for the green lock icon in the address bar.
If you go visit a website and it looks like this in Chrome or Firefox, then it is secure:
If you visit your website and you don’t see the green lock icon in Chrome or Firefox then you may be using an old version of the browser or your website is not secure using HTTPS. It will look something like this:
What do I need to consider before installing an SSL certificate and switching to HTTPS?
There are a number of considerations to think about before installing your SSL certificate. We cover them below in our HTTPS complete guide:
Fix any issues before migrating
If there are any broken components or issues on your website, fix them before you make the migration. That way you will know everything was working before the migration and it will make solving any problems afterwards much easier.
Check domain name configuration
SSL certificates usually require a website to be using a static IP address in order to be installed. Depending on your hosting environment, you may not have a static IP address. If you have to change to a static IP address to install your SSL certificate, a DNS update or A record change may be required. So make sure you have your logging information to your domain registrar before proceeding.
Update 301 redirects to HTTPS.
Find all of your existing 301 redirects on your website and be ready to update them to the HTTPS version.
If you use a CDN (Content Delivery Network), make sure that it won’t cause any issues, and will properly serve the HTTP domain version of your site and handle SSL when the website is migrated to the new version.
Check internal links
Check your robots.txt file.
If you have a robots.txt file, then make a copy of it and update the URLs to HTTPS and have it ready for when you make the switch.
Make a complete website backup
Before you proceed with installing an SSL certificate and migrating your website to HTTPS, be sure to make a complete website backup (including your database and configuration files). This way you will have a copy of the website before you start making changes.
Notify your Support team
If you have someone that helps support your website (like you’re on one of our Care Plans) or you have someone else that helps maintain and support your website, notify them at least 24 hours in advance of migrating your website to HTTPS. This will ensure that they are available if any issues arise and they may have more knowledge about your website setup that they can share ahead of time to avoid any issues.
If this sounds complicated, @Aleyda has created an HTTP to HTTPS complete guide to migration checklist with tasks to do before, during and after the migration you can access for free here.
How do I install an SSL certificate on my web host?
Depending on your web host, you may have to purchase an SSL certificate or you maybe able to use a free one from Let’s Encrypt with a few clicks of a button.
Before starting, be sure that your site and domains are configured properly:
- The WP Engine site for which you want certificates must be live. (You can test whether it is live by visiting <install_name>.wpengine.com.)
- The domains and subdomains for which you want certificates must resolve to your WP Engine site. (You can test whether it resolves properly by visiting your domain and comparing it to <install_name>.wpengine.com.)
Steps to installing the Let’s Encrypt SSL on your WP Engine website:
- Log on to the WP Engine User Portal.
- Click your install_name> SSL > Add Certificates > Get Let’s Encrypt.
- Select the domains for which you want HTTPS. (Be sure that the domains you select resolve to your WP Engine site.)
You can refer to WP Engine Let’s Encrypt installation guide if you have any questions.
- To access the Let’s Encrypt certificate interface, login to your cPanel and click the Let’s Encrypt tool in the Security tab.
- Once there, you will see a list of the installed certificated for your account.
- Just select the domain name that you want to issue the certificate for and enter a valid email address. Then, press the Install button to proceed.
- In a few moments, you will have a working SSL certificate for your domain name! Now you just need to configure your application to work via https:// to start using the certificate on your site.
You can refer to the SiteGround Let’s Encrypt installation guide if you have any questions.
As of the writing of this article, GoDaddy does not offer an easy automated way (like WP Engine and SiteGround) to install a Let’s Encrypt SSL certificate on your account. It requires using SSH and manually renewing your certificate every 90 days or implementing your own renewal script.
Of course, you can purchase an SSL certificate from GoDaddy but it will cost you usually around $55-70 per year. For this reason, we would recommend hosting your WordPress website with one of the Best WordPress Web Hosts.
Installing an SSL Certificate for other web hosts will vary. You can try doing a Google search for your web host name and “let’s encrypt” to see if there are any instructions. Otherwise contact your website support team or your web host to find out how to do it and if there is a cost involved.
What do I do after I make the switch to HTTPS?
Be sure once you make the switch to HTTPS that you check your website for any issues. There may be some content or links that are still using http that need to be updated. Try to load all content using HTTPS.
What if I want help switching to SSL? I don’t feel comfortable doing the HTTPS Complete Guide…
If you’re on one of our Website Care Plans then just contact our Support team and we will be glad to assist you.
If you’re not on our Website Care Plans, we welcome clients who are looking for a long term partner with a professional and dedicated webmaster. Please contact us and we can provide more information.