Switching to HTTPS: what you need to know
Life is simple. Technology is not. – Vanita Cyril
But that’s why you have me, right? To assist when Google gives you crap.
Many people will wake up this morning to an email from Google that begins with:
“Starting October 2017, Chrome (version 62) will show a “NOT SECURE” warning when users enter text in a form on an HTTP page, and for all HTTP pages in Incognito mode.”
Did you get an email too? If not, you will, soon, because Google has started rolling it out. If the below seems overwhelming or time-consuming (which it is) you can hire me to safeguard your site.
Email me to discuss your options.
What is HTTPS
There’s a link in the email that will send you to a Google article about what HTTPS is. The gist is this:
“HTTPS (Hypertext Transfer Protocol Secure) is an internet communication protocol that protects the integrity and confidentiality of data between the user’s computer and the site. Users expect a secure and private online experience when using a website. We encourage you to adopt HTTPS in order to protect your users’ connection to your website, regardless of the content on the site.”
How do I switch to HTTPS?
Buy an SSL certificate. Tell your host to install it. More on this below.
Benefits of switching to HTTPS.
- Makes your site more secure for your users.
- Google promises HTTPS is a Ranking factor.
- Have a shopping cart or opt-in box on your site? Having an SSL certificate prevents anyone from tricking your visitors into thinking they’re providing you data when they’re really giving it to a dirty hacker. Yes, I do consider email addresses to be Private data.
- When a visitor submits info on your website, the data is encrypted and can’t be corrupted and becomes worthless to anyone who somehow manages to intercept it.
- Avoid browsers serving this message to your visitors when they land on your site:
I don’t know about you, but that messages usually encourages me to hit the back button.
What happens when you switch to HTTPS
This is where things can get hairy…
Have tons of social shares per post/page that displays how popular you are to new visitors? Gone.
Your URL is changing from HTTP to HTTPS. Likes, tweets, +1s – all that viral-social-proof – is tied to your HTTP URL.
I know you’re swearing at Google right now. I don’t blame you.
Don’t lose heart. There is a way you can maintain those social share counts on your blog for social-proof to new visitors. (More on this below.)
But as a search engine ranking signal? Kiss it goodbye.
Page Rank and Domain Authority
When you switch to HTTPS, 301 redirect coding must be implemented so all HTTP links that you’ve posted anywhere will redirect to https. More on this below.
Once upon a time, Google penalized you for too many redirects. Now, according to this article on Moz Blog, Google won’t.
You’re more likely to lose Domain Authority from losing a high DA backlink, being penalized, losing a good chunk of indexed pages from Google, and so on.
Converting to an https sitewide is improving your site and the user experience via adding that extra layer of security. I don’t expect you to be penalized. You may see a dip in your DA score, but it will be temporary. SEO Forum users have reported experiencing a dip for 6 to 12 weeks and then their DA score increases along with their traffic.
The ideal process to follow when scheduling your switch to HTTPS
ONE: Save your share counts for the sake of social proof.
What google isn’t telling you is when you switch to HTTPS you will lose all social shares. This is because your URL is changing from HTTP to HTTPS. It’s no longer the same URL.
To maintain your share count on your website for display purposes, you can buy and install one of the following two plugins:
Keep in mind that you will lose your social shares but the plugins above will allow you to maintain the count on your site (you know, the little number on the share icons that show how many times a post was shared on that platforrm). You will need to configure the “SHARE RECOVERY” settings of the plugin. please do not install and forget it. it’s not enough.
Please be sure to install and configure these plugins two weeks before your switch so the plugin can start indexing the share counts of all of your posts. A post has to be visited on the front end for the share count to be indexed. If you do not have a lot of traffic, you may want to start visiting your posts a few/per day after one of the above plugins have been installed and configured. If you already have shareaholic installed, your pages should already be indexed. If you’re ok paying $96/year, stay with shareaholic. If you’d prefer the $29/year from Warfare, then you will need to install it at least two weeks before hand and start visiting your posts so they’re indexed.
You can expect to see a dip in your search engine traffic within 45 days after the switch to HTTPS because you’ve lost your social shares (which contributes to your seo). There’s not much advice I can offer for #1 besides starting a group with other bloggers where you guys reshare old posts to gain social shares again…
TWO: Buy and Install an SSL Certificate
SSL certificates can cost anywhere from $9 (PITA Manual Process) to $79 (Easy On You Process, yearly.
EASY ON YOU PROCESS: Call your host, buy an SSL certificate and ask that they install it on your domain. You can expect the web to take up to 72 hours to propagate this change of URL. Once the certificate has been installed, visit your site using a private/incognito browser window. Check through your site to make sure your photos haven’t disappeared. If they have, contact hosting again and have them fix it.
PITA MANUAL PROCESS: If your hosting package grants you cpanel access that allows for SSL installation and has the installatron application, and you have used less than 40% of your storage, you could go for the $9 certificate. Cuts down in expenses in the long run (blah to $79/year), but does require a lengthy manual process. Here is the run down of steps. Because of the variables of hosts and SSL certificates, I can only provide you with an outline.
Prerequisite: Share Recovery
- Buy an SSL certificate. I’ve bought all of my SSL certificates from these guys. You may feel iffy about buying an SSL for $9, especially when hosts such as GoDaddy try to convince you that those SSLs are not “good enough”. Run my site through this SSL Server test. You’ll find these two important entries to note: A) I received an overall A B) I got a nice green YES under “TRUSTED”
2. Install the certificate in your Cpanel.
3. Return to the SSL certificate provider to confirm that the certificate is active. If it’s not, contact the provider’s support.
4. Return to your cPanel. Using the installatron application, clone your site to the new HTTPS version of your domain name (either www or non-www, but must begin with HTTPS). If you do not see the HTTPS version of your domain name in the drop-down menu of domains to clone to, call your hosting company for help.
When you’ve completed everything listed going forward and determine that your HTTPS site is working fine (everything loads, all photos have the https in their urls, all internal links have HTTPS in their URLS, etc) you can delete the version of the site via Installatron and clear up some hosting space. If you’re iffy about doing it, ask your host.
Once you’ve cloned your site over to the new HTTPS version and find that everything looks and works fine, add a 301 redirect to the htaccess file of your new HTTPS site. Godaddy has good instructions here that should apply to all hosts, otherwise, you can use it as a guide when Google for host specific information.
FOUR: Inform Google
- You will need to make changes in Google Search Console (aka Webmaster Tools) and Google Analytics.
- Add the https properties to your Google Search Console in both www and non-www form. Do not delete the old ones. You will need to maintain all. Makes for a crowded search console. Blah.
- Update google analytics Admin > Property Setting > Default URL to https.
Re-link your Google Analytics profile with your new HTTPS site in the Google Search Console. Go to Admin > Property Settings. Scroll to the bottom and click on “Adjust Search Console” under Search Console section. Choose the new HTTPS site and hit SAVE. You will get a prompt about unlinking HTTP association. Hit OK.
- Create a new sitemap of your site and submit to Search Console.
- Be patient and breathe.
The Wrap Up
And that’s it. I’m a bit sorry that my return to the blogging world had to be when I needed to bring bad news and give you stuff to do. If the above seems terrifying, you can definitely hire me to do it for you. Feel free to contact me at vanita[at]vanitacyril[dot]com.