Why You Need To Migrate From HTTP to HTTPS
Starting in July 2018, Google Chrome will be labeling every website that is not using HTTPS protocol as “not secure.”
To understand why you need to migrate from HTTP to HTTPS, let’s start with the basics and run through some definitions.
What is HTTPS?
In order to fully understand HTTPS, we need to first understand its predecessor HTTP.
It is used to create a logical connection between the website server and the site visitors. For years HTTP was working just fine for almost everyone, but with digital marketing came more online one-stop solutions such as online baking, online shopping, saving personal/sensitive information online and more. People started trusting the internet without first making sure their information was secure. People have been under the impression that the information they put on the internet is only between them and the service provider, which is not true at all!
Hackers can easily monitor any internet traffic if they’re not ENCRYPTED! This means that any activities or information you save on non-secure websites may be forced to be shared or sold to third parties. Most common one: Passwords.
So, what does the “S” stand for?
The added S to HTTP stands for secure. Something we all want. It works as an extension or successor of HTTP. By enabling HTTPS, every single unit of data transmission will be encrypted and it is proven to have no efficient way of decrypting your messages or information.
This is crucial nowadays. Why? Many of us often times try to keep our username and password combination the same throughout sites so that it’s easier to remember. Yes, it’s easier to remember, but it’s also more at risk of being shared/sold. Let’s assume all of the sites you save your sensitive and important information are secure, ALL but one website. This could lead to your online banking, personal, the information being leaked and potentially shared with the wrong people.
How to secure your website and gain SEO sugar:
Ok, now you may be aware why Google is pushing general public to use HTTPS protocol. So you may be wondering how do I do this!?
Before we get into detail, please don’t simply put an ‘S’ in your URL. Magic won’t happen like that.
Chrome will block your page from your users at first, and it will give them a warning sign with an “ADVANCED” button. Believe me, most people will not click on it.
First, you need to back up your front-end content and back-end scripts. In the case that anything happens you should always do this on your test server. Once you see that everything looks good, navigate traffic to your “new” site.
Afterward, if you have shell access by the terminal, you can install an application called “Let’s Encrypt. They have great instructions provided by your server host and documentation of your framework. This application is FREE, auto=-renew and its key distribution does not involve human beings, which minimizes possible private key leakage. If you don’t have access to your server then you may need to contact your hosting provider (GoDaddy, Hostgator, AWS, etc.) to get an SSL certificate. Then you would have to install it manually.
Is that it? Nope! That’s just the beginning.
After you’ve installed the SSL certificates, there are still some potential problems you may face.
For example, your online navigations may not be working anymore since they were “hard-coded” in your web page and you have to either go into the code to fix them or force 301 redirections. In terms of redirection, your old redirection scripts may not be working as well. Since they are redirecting to http://yourwebsite.old, which may not be there according to your web framework or cms. You need to force all HTTP traffic to HTTPS.
You will still need to take a close look at your images which could possibly be using HTTP protocol to fetch. Again, this may not be the case for you since some CMS and framework may be taking care of that. If you are using a CMS like WordPress, simply re-upload them. Or update the static URLs to the new protocol. Don’t forget that you still have to update all of your tracking systems such as Google Analytics or Google Search Console.
And now you can finally relax for a while. But keep a close eye on its search engine ranking for the next few weeks to make sure everything looks right.
It’s a complicated and lengthy process, but with Google’s updates, you will lose most of your website if you do not migrate to HTTPS. The hard work will be worth it in the end.