Over the last few years, you’ve undoubtedly come across articles about data protection or data privacy. It’s a topic that impacts everyone. And with so many breaches in data security, protecting sensitive information is becoming more and more crucial for businesses of all sizes.
In fact, Google and Mozilla have joined the conversation. In recent years, Google has taken steps to help create a more secure web—including identifying non-secure websites in the address bar of the Chrome browser. Mozilla also rolled out a site security indicator in its Firefox browser.
So what can your business do to better protect sensitive information submitted through your website? The top recommendation: enable HTTPS on your site.
What is HTTPS?
We’ve all seen HTTPS in URL strings—but aside from the extra letter, what makes HTTPS different from HTTP?
HTTP (Hypertext Transfer Protocol) is a non-encrypted communication protocol used to send information between web servers and browsers of the end-users.
In simple terms, HTTPS is the secure version of HTTP. It includes an encrypted layer known as TLS or Transport Layer Security. This means that data sent over HTTPS is encrypted and less vulnerable to interception by third parties.
Please note, this does not mean your site will be protected from malicious server attacks or software vulnerabilities—that requires a different form of protection.
In order to transition to HTTPS, you will need an SSL (Secure Sockets Layer) certificate to enable the secure encrypted connection. This can typically be obtained from your web hosting provider for an annual fee.
Benefits of Migrating to HTTPS
As you’ve probably deduced, the main benefit of migrating to HTTPS is that sensitive data sent via your website is encrypted and thus more secure. Some additional benefits include the following:
Have you ever been on an e-commerce site and just as you were about to make your purchase, you noticed that the site was not secure? It’s likely you didn’t complete that purchase—and it’s probably safe to say you haven’t been back to that site since.
This is because site security plays a major role in visitor trust. And trust can ultimately lead to loyalty—which is great for word of mouth.
Improved Referral Data
If your site is using HTTP and you have inbound links from sites using HTTPS, you might not be getting the full picture of referral traffic to your website. Those visits could be getting lumped into “direct traffic” in your analytics platform—which isn’t exactly insightful.
Once you make the switch to HTTPS, that referrer information will be passed to Google Analytics and you can better understand how visitors are finding your content.
The question on everyone’s mind: what impact does migrating to HTTPS have on SEO? Google has stated that HTTPS is a lightweight ranking signal. Think about it like this, all others things being equal between two sites, the site with HTTPS would get the ranking advantage.
For e-commerce sites and other sites that collect highly sensitive information such as credit cards and social security numbers, HTTPS likely has a greater impact on ranking.
According to SEMrush’s 2017 ranking factors study, website security (HTTPS) is one of the top 10 factors. The study found that 65 percent of domains ranking for high-volume keywords are on HTTPS. Seems like a pretty h3 case for HTTPS.
What to Do Before You Migrate
Before making any major change to your website, it is always important to have a game plan. Google considers migration to HTTPS a site move with a URL change—which means attention to detail is critical.
Although the migration process is relatively straightforward, underestimating the process could lead to disaster. This checklist will help you prepare for the transition and avoid common pitfalls.
- Crawl your site to evaluate its current state
- Record rankings before migration
- Acquire an SSL/TLS certificate
- Install and configure the SSL certificate on your server
- Perform a full backup of your site
- Identify plugins, APIs, and other technologies that may be impacted by the migration
- Check that all external scripts support HTTPS
- Update canonical and hreflang tags
- Check the reference paths of assets such as images, videos, documents, etc.
- Set up server-side 301 HTTPS redirects
- Review current redirects and update to resolve unnecessary redirect chains
- Crawl your site again to ensure no links have been broken
- Update your sitemaps with the correct HTTPS URL structure
- Update your robots.txt file
- Update your disavow file, if you have one
- Add HTTPS version of site to Search Console
Once you’ve checked off everything on the list, you’re ready to go live. Before you do, be sure to review Google’s best practices for implementing HTTPS to make sure you haven’t missed anything.
This might go without saying—be wise when choosing your go live date. It will be important to monitor the site immediately following the migration, so a Friday evening might not be the best time to go live.
So Should You Migrate?
There’s no denying that the importance of online data security is only going to continue to grow. If you have a plan in place before attempting the migration, you can avoid the pitfalls that have given this process a bad rep.
As with the transition to mobile-friendly focus—remember mobilegeddon—it’s quite possible that Google will put its foot down about HTTPS in the not so distant future. Being ahead of the curve, could prove beneficial in the long run.
That said, for any site collecting sensitive data that’s still using HTTP, it’s probably best to transition to HTTPS sooner rather than later. The advantages really do speak for themselves.