Online security is no longer an optional extra for businesses – it’s the basic price of admission for businesses of all size.
One of the most basic forms of online security is switching to HTTPS hosting.
Of course, there are loads of factors to consider, but aside from the advantages of presenting a safe and secure website to your visitors, switching to secure HTTPS hosting (as opposed to HTTP) is good for business. As well as reassuring your visitors, HTTPS is actually endorsed by Google.
And in the coming years, the question isn’t going to be so much whether you need to migrate to HTTPS, it will be when are you going to switch.
The problem is that many businesses, smaller ones in particular, are not making the change. Recent research indicates that HTTPS adoption is in the 2% to 3% band.
But if you are not prepared, or you’re not familiar with this sort of thing, then all you need to do is to follow the steps below to ensure that your site is migrated safely, securely and with the minimum of impact.
Step #1 – Buy an SSL Certificate
The first point is to buy the right SSL Certificate. Without getting too technical, the way that an SSL certificate works is that it uses powerful encryption to create a protected link between the user’s browser and the host server.
There are all sorts of different SSL Certificates available and they vary in cost. The important point to understand is that fundamentally they all work under the same principle. You don’t get ‘more security’ just because you are paying for a more expensive certificate.
What they will offer is a different set of features.
The entry level SSLs are Domain SSLs. These are issued instantly and only require email verification. They offer HTTPS browsing with a padlock, but there is no in-depth verification process, just a domain ownership check. They’re ideal for smaller businesses on a budget who aren’t taking online payments.
Next are Organization SSLs which require a higher degree of verification such as checking company ownership. As a result, they take longer to be issued, typically two to three business days. With this type of certificate, the company name and domain name appear in the browser bar.
Finally, there are Extended Validation SSLs which allow you to use a green browser bar. These are more expensive than Domain or Organization SSLs and involve a verification process to check the company in more detail such as legal, operational and physical verification. It is for this reason that they can take between three to five days to be issued and they will require various legal documents to be produced.
Step #2 – SSL Certificate Installation
Once you’ve purchased your SSL Certificate, you’ll need to approve it. As shown above, there are different levels of verification before the certificate is issued but if we use the example of a Domain SSL, this is issued instantly once the domain owner verifies their email address.
This is done by the SSL issuer sending an automated email to one of a pre-determined set of email addresses such as webmaster@TheDomainName.
If you’re using shared hosting then your hosting company will assist you in this as they administer the server, so they will set everything up for you once you have approved the certificate.
Step #3 – Do a Full Backup
Whenever you’re making major changes to your website it’s always worth running a full backup of all of your website files.
If you use cPanel hosting, for example, there is a built-in cpanel backup feature you can use, which is easy to configure.
Otherwise, check with your hosting company to see if they offer a managed backup service and use that.
Either way, doing a backup is a belt and braces approach.
Step #4 – Change Your HTTP Links to HTTPS
Before you switch to HTTPS you’ll need to update all of the internal links in your website. Shortly we’ll look at a way to globally achieve this, but it is still good practice to go through your website and change any links that point to HTTP pages inside your site to the new HTTPS links.
Failure to do this will result in 404 errors in your site which are bad for on page SEO.
How you do his depends on the size of your website. If you just have a few pages this is just a manual process. If you have hundreds, even thousands of pages there are tools that can automate this process for you (especially if you’re using WordPress).
Step #5 – Check Code Libraries
Step #6 – Update Any External Links That You Control
All of the links pointing to your site from your social media accounts and listings in Authority Directories need to be updated. Just focus on the ones that you have under your control.
You’ll be redirecting HTTP traffic to the equivalent HTTPS page shortly so there’s no need to stress about getting them all 100% updated – just focus on the main ones.
Step #7 – Create a 301 Redirect
This sounds complicated but it is quite straightforward really. A 301 Redirect is a method of redirecting traffic from one web page (URL) to another. It is effectively a ‘permanent’ redirection because your website is permanently switching from HTTP to HTTPS.
This is a really important point because if your website has dozens, hundreds or even thousands of backlinks pointing to it from other websites they will be set to point to the HTTP pages. If your search engine ranking depends on the number and quality of backlinks then you don’t want to lose the power they give you.
Therefore a 301 redirect means you don’t have to go and change all of these links which would often be impractical, if not virtually impossible.
- With Apache and LiteSpeed you need to update the htaccess file.
- With NGinx you need to update the NGinx Config File.
- With Windows, you need to update the web.config file.
Step #8 (Optional) – Update CDN SSL
A CDN is a globally distributed network of servers that stores copies of your web pages on its servers so that your pages are presented by the server closest to the person browsing your files.
This offers advantages not only regarding speed but also of security as it can recognize various malware patterns and prevent your site from being hacked.
You just need to double check with your hosting company or developer if you are hosted on a CDN. If you are, then you’ll need to check with the CDN’s technical team for their instructions.
Most websites don’t use a CDN, though, so this step is included for the purpose of completeness.
Step #9 – Update Any Other Tools, Canned Responses, & Transactional Emails
These days many businesses use a whole plethora of additional tools around their website such as email marketing, marketing automation and landing page generators.
You’ll need to prepare a list of this software and look for any mentions of web pages that refer to HTTP and update them to HTTPS.
If you use a tool like Live Chat then double check your canned responses because these may often include links to pages, resources, FAQs etc. so make sure they are all HTTPS links.
Another area is Transactional emails – things like welcome emails, invoices, forgotten password emails. These all need to be updated. Sure, the 301 redirect will usually take all of these into account, but it always looks more professional to present your clients with the correct URL.
Step #10 – Update PPC Ads & Landing Pages
If you’re using paid search whether Google, Facebook or whatever, just double check the URLs are updated to secure HTTPS ones for your landing page links. Again, the 301 redirect should forward them onto the correct one, but this is belt and braces.
Step #11 – Update Google (Analytics & Search Console)
Last and not least you’ll need to update your Google accounts – Analytics and Search Console. In Analytics you just need to change the Default URL to HTTPS. In Search Console, you’ll need to add the new site with HTTPS.
Switching to HTTPS is the direction of travel when it comes to online security. You’re going to have to do it sooner or later.
But it doesn’t need to be a complex matter. If you’re not a technical person, then you may need some help from a web professional. But as long as you follow the steps outlined here you’ll be fine.
Featured Image: Depositphotos
In-post Photo: pickaweb.co.uk