Feeling insecure? How to Migrate Your Site to HTTPS

I don’t always speak in soliloquy, but when I do, you know it’ll be about something technical … JK!

But seriously, as a marketer, what steps should you take with your website’s security to make sure you’re in Google’s favor?

This post outlines the parts of a URL, the different types of protocols, and what we currently know about how search engines are favoring sites with a secure (https) protocol.

A URL, or uniform resource locator, is a reference that houses your content/resources online and contains two parts. The first part of the URL, or protocol identifier, indicates what protocol to use. This part of the URL is used for transferring data from a web server to a browser so users can read web pages.

Examples of protocol are hypertext transfer protocol (http), https (the “s” stands for “secure”), and file transfer protocol (ftp). If a URL contains http or https, we usually refer to this URL as a web address. The protocol identifier is immediately followed by a colon and two forward slashes.

The second part, or resource name, is what specifies the IP address or domain name where the resource is located. Within the resource name you have the hostname and file name.

Example: https://www.my-example.com/page

• Part 1: The protocol identifier is ‘https’
• Part 2: The entire resource name is ‘www.my-example.com/page’
  • The hostname is ‘www.my-example.com’
  • The file name is ‘page’

HTTP URLs contain data that is not secure since it’s not encrypted. This means that third parties can intercept and gather data being passed between the two systems. To keep the data secure (and be able to make URLs HTTPS), you need to obtain a secure sockets layer (SSL) certificate. This creates a secure encrypted connection between the web server and browser to ensure your data integrity remains high and that users are authenticated to communicate with the website.

Switching from a non-secure to a secure protocol is a pretty easy task for your development team to implement once you have your SSL certificate. The important thing to remember is to properly redirect your URLs from http to https so that PageRank earned is not lost. I strongly recommend you use 301 redirects!

It makes your website more secure. The days of mainly ecommerce sites using secure protocols in just their cart pages is a thing of the past. Build trust with your audience; they need to feel secure. The costs are minimal, so give them this security. However, it’s important to note that an SSL certificate will not prevent your site from getting hacked, or stop any phishing emails from being sent.

It will increase conversions. A site with security seals is 40% more likely to get a conversion — regardless of whether the site is content or ecommerce driven.

Because Google literally proclaimed “HTTPS Everywhere.” Google’s algorithm continues to get more complex each day and we don’t always know all the factors or the weight each one tends to have. That being said, when Google makes an announcement and suggests webmasters make revisions, you should listen. They did just that when they announced that HTTPS is a ranking signal and that failure to optimize web content could mean a fall in your rankings.

On-page factors and the number of backlinks are still more important to SEO than a secure protocol, but why not check all the boxes?

Because your competition will. You work so hard to differentiate your brand. Why would you allow your competitors to beat you in the search engine results pages (SERPs) because of the way they structure their protocol?

Because we’ll get better data in Google Analytics. Not all non-secure referral traffic gets accounted for properly in Google Analytics, so it gets lumped into the direct traffic source. However, Google already notes the importance of all secure sites, so you will begin to see more and more referral sources displaying in your acquisition reports. #winning

Because you can’t AMP without making the switch. Mobile is the future, and you need to make sure your content rises to the top of the search results, loading as fast as possible. Without a secure web address, you can’t revise your code to allow your pages to be accelerated mobile pages (AMP).

If you haven’t already switched from HTTP to HTTPS, you’ll notice that you probably haven’t taken any major hits in the SERPs just yet, but putting off this best practice is just delaying the inevitable. Be proactive and make the jump before your competition does, so you’ll be ready when Google starts to increase the weight of this in their search algorithm.

If I’ve written this post right, I’ve convinced you to make the move. Here’s some additional information from Google to help you along your way, and don’t forget to update your robots.txt file and update and verify with Google using Google Search Console (GSC).