Find Out Why It's Time to Convert to SSL ASAP
Find Out Why It's Time to Convert to SSL ASAPGoogle HTTPS Ranking can no longer be ignored.
Since July 2018 with the release of Chrome 68, Non-HTTPS sites are now labeled as “Not Secure”.
Technically, this doesn't mean there is anything wrong with your site, but visitors may be confused by the label.
Google wants a more secure web and is staging a multi-phase roll out of changes to its Chrome browser to encourage website owners to switch to HTTPS, also known as SSL.
Data from Google Chrome usage shows that more than 70% of Chrome users are visiting HTTPS-enabled websites, which indicates that browsing via HTTPS is becoming the norm. Armed with that data, Google is taking steps to "encourage" the global adoption of SSL/HTTPS.
What is HTTPS/SSL?
Hyper Text Transfer Protocol Secure (HTTPS) is the secure version of HTTP, which is the protocol over which data is sent between a browser and a website.
The 'S' at the end of HTTPS stands for 'Secure' which means all exchanges of information between the browser and the site are encrypted.
This video from Google I/O explains why SSL is so important and why they are pushing the HTTPS Everywhere" initiative.
Why should you use HTTPS instead of HTTP?
Google Favors SSL
Firstly, HTTPS has been a confirmed Google ranking factor since 2014, so getting a small rankings boost is good reason #1 for switching to HTTPS.
Users Favor Secure Websites
Secondly, if your website is not using HTTPS/SSL, your website credibility and search engine rankings may be affected.
We'll explain how...
Since July 2018: Visitors Are Reminded That Your Site is Not Secured by HTTPS
Since July 2018: Visitors Are Reminded That Your Site is Not Secured by HTTPSThis has the potential to directly affect the credibility of your website.
As announced in September 2016, Google Chrome had already begun to mark non-secure pages containing password and credit card input fields as Not Secure in the URL bar.
Previously, this only appeared on non-SSL pages that ask for a password or credit card information. This includes simple WordPress password-protected pages.
However, Google confirmed, that as of July 2018, this warning appears on ALL pages served over HTTP vs. HTTPS, like this:
This type of warning may easily be interpreted by visitors to mean that your site has been hacked or compromised affecting the perceived credibility of your website. (SSL Shaming anyone?)
Convert from HTTP to HTTPS to Avoid the 'Not Secure' Warning
By converting your website to HTTPS, assuming it is implemented correctly, your visitors will see a "Secure" message indicating that your site is secure.
More Reasons Why You Should Convert Your Website to HTTPS/SSL
1. SSL is a Google Ranking Signal
Google introduced SSL as a weak ranking signal way back in 2014. At the time, Google hinted that over time, they might decide to strengthen it as a signal because they wanted to encourage all website owners to switch from HTTP to HTTPS.
The time has come to step up your SEO game.
Every day, more business owners get hip to the fact that competing online requires digital marketing and a more advanced strategy for SEO, way beyond on-page SEO basics. Paying attention to this SSL detail could be the factor that allows your site to rank higher than a competitor.
2. Research Shows that Google HTTPS Ranking is Real...SSL DOES Correlate with Higher Rankings
Research from analyzing 1 million search results found “that HTTPS correlated with higher rankings on Google’s first page”.
The correlations in Moz’s latest Search Ranking Factors survey leads to the same conclusion.
3. It's Safer for Your Visitors
HTTPS is especially important over unencrypted Wi-Fi networks. Anyone on the same local network, such as a coffee-shop or other public network can “packet sniff” and discover sensitive information about your visitors.
Parisa Tabriz, who manages Google Chrome's security engineering team, tweeted that Google's intention is to "call out" HTTP for what it is: "UNSAFE."
Several companies and organizations have been pushing for more encrypted sites as part of a campaign to "Encrypt All The Things," which consists of promoting more websites to abandon the traditional, less secure HTTP protocol and adopt HTTPS.
HTTPS protects user data, but it also ensures that the user is connecting to an authentic site and not a fake one. This is important because setting up a fake version of a website is a popular phishing tactic.
Why a Website Might Choose To Not Switch to HTTPS
Cost
One reason why a website might not implement HTTPS is cost.
Whether it is the cost of paying your developer or webmaster to make the switch or the cost of the SSL certificate (an annual fixed cost), encrypting the transmissions between the browser and your website server costs money.
The costs of an SSL certificate can range from free (The Let’s Encrypt initiative to spread the use of HTTPS) to $1,499/year at Symantec. Check with your hosting provider for SSL options to compare.
Check out this guide for installing a free Let's Encrypt SSL certificate »
Fear of Losing Existing Rankings
Fluctuations in search engine rankings can happen with any major site change, but Google is very good with changes from HTTP to HTTPS. Up until now, this was a somewhat valid reason to remain on HTTP, but it's probably no longer an option with the "Not Secure" label.
This brings us to the next point...
Use 301 permanent redirects when implementing HTTPS on your website to maximize SEO.
Be Sure to Implement HTTPS Correctly
AHREFS analyzed the HTTPS settings of the top 10,000 domains and found that only 1 in 10 had a flawless SSL/HTTPS set up. One of the most common errors is failing to use 301 Redirects which is probably the most crucial one to get right.
So don't feel too bad if your set up is not perfect initially. Most issues are typically relatively easy to identify. This free SSL redirect scanning tool is helpful for identifying issues with SSL set up.
We won't address the details of switching from HTTP to HTTPS in this post, but Kinsta has written a very thorough guide.
Here is an overview of their HTTP to HTTPS Migration guide and some of the basic requirements that you will need and some things to be aware of.
- You will need an SSL certificate.
- Double check to ensure that your WordPress host and CDN provider supports HTTP/2. This is not required, but you will want this for performance.
- You will want to set aside a good block of time to do your HTTPS migration. This isn’t something that can be done in 5 minutes.
- Double check to ensure that all external services and scripts you use have an HTTPS version available.
- It is important to know that you will lose social share counts on all your posts and pages unless you use a plugin that supports share recovery. This is because your share counts are based on an API that was looking at the HTTP version, and you have no control over 3rd party social networks.
- Depending upon the size of your site, it may take Google a while to re-crawl all of your new HTTPS pages and posts. During this period you could see variations in traffic or rankings.
- Don’t forget about local citations.
- Turn off your CDN integration and disable any caching plugins before beginning, as these can complicate matters.
