You might have read that Google uses HTTPS as a ranking signal and that e-commerce service providers like PayPal require HTTPS to integrate with your site.
This post is about how to adopt HTTPS with an SSL certificate and secure all communication to and from your website.
Get To Know HTTPS
First, what is HTTPS? It’s the encryption-enabled version of Hyper Text Transfer Protocol. You can tell it’s secure because of the S. This protocol helps computers transmit information (text, image files, good stuff) from your website’s server to your customer’s computer.
HTTPS scrambles info while it’s being transmitted so nobody can snoop on your customers and their info. That’s a fantastic thing.
HTTPS Requires SSL
Secure, locked-down websites are great. But you might be unsure about how to adopt HTTPS for yourself. It’s one of those things everyone will need soon but isn’t yet built-in to popular website hosting services. You still have to buy an SSL certificate separately in order to enable HTTPS for your site.
Ugh, what is SSL? Another acronym: Secure Sockets Layer. Watch this video about how SSL works. Or don’t! Basically, just know that SSL is the encryption technology behind HTTPS. It encrypts data sent between your website and customers’ computers as well as shows customers that the site they’re visiting is really you and not a fake copy.
The first step for most website owners is to purchase an SSL certificate. For simple websites, it’s easiest to purchase your certificate from the same company that hosts your website. Typically, you can do it online through your customer portal or by calling their customer service department. Read our guide to purchasing SSL certificates.
It’s especially easy if both your domain name and website are hosted in the same account. It may take just a few clicks on the order form to complete this stuff. In those cases, your hosting company will do most of the nerdy work once you complete that purchase and the certificate should be setup within minutes. You might get an email notification when it’s ready or you might just have to check in your customer portal.
Once you have SSL available for your website’s primary domain, you must update your website’s configuration to use it. This is where things get interesting.
Enable HTTPS for your website
Once your website has the ability to send information securely with encryption, you can choose to use the encryption on all pages of the website or just a few. For WordPress websites, the next step is the slightly scary one of changing your Site Address and WordPress Address. Just add S to the HTTP that’s already there.
Now, WordPress will use HTTPS when it loads instead of HTTP. At this time, you should also use a find and replace tool like Velvet Blues Update URLs to make sure links and references to the old HTTP address are updated to HTTPS.
CAUTION: If your certificate is improperly installed or inactive when you do this, you’ll probably break your website and need to follow these instructions for Moving WordPress to revert the Site Address and WordPress Address.
Other website publishing tools have their own instructions. I found this help document from HostGator to be a straightforward explanation of what do after you finish purchasing SSL for your website.
Setup 301 Redirects
What I find a little frustrating is the necessity of redirects to notify search engines that content has moved to a new address. The content doesn’t move. Nothing really changes location. The same things in the same place are transmitted with a secured connection. The address should not be considered “changed”. But it is. So, your work isn’t done after you enable your site to use SSL and adopt HTTPS. You must also create 301 redirects.
These redirects are special code placed in your website’s .htaccess file. This is something you have to do on your own or with an expert technician. Your website host might help through their customer service department, but that’s not guaranteed. For WordPress website owners, use code suggested by Designmodo in the “What’s Next?” section of this article.
Update Google Search Console
Got your 301s going? There’s yet one more step. Do you know Google’s Search Console? This is the main way you check up on your website with Google and troubleshoot search problems. You can register your ownership of your website and use Search Console to submit URLs to the index to make sure that Google starts showing them in search results.
Google considers HTTPS a new address so you need to register this address in Search Engine Console in addition to the HTTP version. Don’t delete the HTTP version. You want both. And probably the http://www and https://www versions as well. Not much to do with those, other than register them. But if you have search problems later, they’ll come in handy.
Once you’ve registered the HTTPS version of your address, you can move ahead with requesting a change of address with Google. This is the official method of telling Google you’ve adopted HTTPS and “moved”.
Celebrate With Ice Cream
Adopting HTTPS isn’t for internet newbies or the faint of heart. There’s a good chance you’ll mess up your site and join the masses of people asking for help in the comments of tutorial articles. So be careful! Expect to hit trouble. Expect your efforts to take twice as long to complete. Basically, lower your expectations. It’s even normal for your search engine ranking to drop on some pages. Yikes! It’ll come back over time as Google replaces HTTP entries with HTTPS.
If you have the chance to practice with a personal site before trying this on your business site, do that. If you can ask someone to do it for you, do that. Your IT could help, or digital marketing specialists like Roundpeg can get you going.
So, it might be a little while from when you start planning to adopt HTTPS to the day when you finish this project. But when you do finish, make sure to treat yourself.
Roundpeg is an Indianapolis web design firm.