Switching to HTTPS: The Why and How

If 2018 taught us anything, it was that information security is becoming increasingly important as web users share more and more personal information online. A few indications were the passing of GDPR, major browsers warning visitors of insecure sites and Google including HTTPS as a ranking signal in their algorithms.

So here is the what, why and how run down for switching your website over to HTTPS this year. Make it your website resolution!

What is HTTPS exactly?

Let’s get technical for a second, HTTP is what most websites ran on up until the last year or so and it stands for Hypertext Transport Protocol. If you add Secure to the end of that acronym you get HTTPS. The difference being that the secure version will use an SSL or TSL certificate that will encrypt your data between server and browser (web server to browser or mail server to mailbox for example).

There are a lot of tech sites that go into great detail on the encryption process, this one gets pretty specific without being too overwhelming if you are interested in learning more about SSL encryption and how it works.

Fun Fact: In 1999 TLS was created as an upgrade/replacement for SSL Version 3.0, but SSL is such a widely used term that the name stuck. Learn more here. 

Why should we switch?

So far we’ve briefly touched on some of the changes that took place in 2018 in regards to website security, and the top three reasons to switch to HTTPS are secure data transfers, secure site notifications and positive SEO rankings.

Secure data

Ask yourself this question, “Do we collect sensitive information on our site, such as, full names, birth-dates, credit card information, social security numbers or anything else of this nature?” If the answer is yes, your website needs to be secured to reduce the risk of your customers’ data being intercepted.

Clients put a lot of trust in us (website owners collectively) and it is our job to make sure that they can trust their information is safe and sound when they do business with us.

Browser warnings

Now it is no secret when visiting a website on a Chrome or Safari browser if it is secure or not. Google announced that as of July 2018 Chrome would be “explicitly” warning users if a site is not using HTTPS protocol. Apple soon followed suit when they added a warning feature to Safari.

Since Chrome is the most widely used browser on desktop and mobile, with Safari coming in second on mobile, this should be a big indication that having a secure site is important. Whether you are collecting sensitive data or not, the red flag it sends to your visitors could mean the difference between a bounce and a conversion.

SEO implications

Some of you may still be thinking, “I don’t collect personal, private or sensitive information, does it really matter?” And the answer is yes! Like I mentioned before, if a user lands on your site and the first thing that catches their eye is a scary red warning, they will be more likely to bounce from your site right on over to a competitor site who has a pretty green secure symbol.

And if that isn’t enough, Google announced back in 2014 that they will be using HTTPS as a ranking factor in their search algorithm, but that “for now it’s only a very lightweight signal.” However, this implies that over time, in their continuing effort to make the web more secure, it would weigh more. There have been plenty of recent studies that actually show the impact that HTTPS has on search rankings.

How do we make the switch?

Now that you are convinced, we get to the actual “how” of this article. I wish I could say it only required a flip of the switch but the process can take a little work depending on where your site is hosted. Fortunately, at GLIDE we are big advocates of WPEngine and their process is as close to flipping a switch as it comes, let’s dive in!

1. Purchase an SSL certificate: WPEngine offers two certificate options, free & premium
2. Change your URL: You can change out http:// for https:// right in your WP dashboard by going to settings > general 
3. Search & Replace: WordPress offers seval plugins to help with this, we like Better Search and Replace
4. Flip the switch: WPEngine recommends the Really Simple SSL plugin that takes care of https redirects and other common issues like the mixed content error
5. Update GA and Search Console: If you skip this important step it could negatively impact your search rankings, you can find the steps here
6. Run a check for broken links: Most likely this won’t be necessary but sometimes you may find not all links were updated and you will have to update them manually
7. Update social or affiliate links: Don’t forget about changing links on any profiles that you may be on to ensure visitors will be directed to the right place

The biggest benefit of WPEngine is their amazing support team! So if you are hosted on WPEngine and still feel a little overwhelmed they are there to help 24/7.

GLIDE is here for you too!

Whether you are hosting on WPEngine or not, we are here for you too! Have questions? We have answers. Need help? Let us know.