Should I move my WordPress website to HTTPS?

Whether you’re a website owner or a website visitor, everyone wants a fast loading website which can carry out sensitive exchanges of information securely.

In 2014, Google announced that it was beginning to use HTTPS as a ranking signal, signalling an increased emphasis on secure connections from the world’s biggest search engine.

Then, last month, the news came that Google’s Chrome browser will begin displaying a “Not Secure” warning message for unencrypted webpages. This message will be displayed in the address bar of websites not running the HTTPS protocol. Imagine a situation where your visitors withdraw from your website after seeing this warning message.

Google does check whether your site uses HTTP or HTTPS protocol. It might not be a crucial factor if you are not very serious about your website. However, if you are an online business, this is not something to overlook – website visitors demand secure connections to the websites they are interacting with.

If you aren’t too familiar with the technicalities of SEO, working with HTTPS might seem a bit intimidating. However, it isn’t as complex as it seems to be. Also, the good thing is that you do not have to understand the behind-the-scenes work when it comes to implementing HTTPS.

So, is HTTPS important?

Yes, HTTPS is undoubtedly essential, and many websites have already made the shift.

At the time that HTTPS was announced as a ranking signal, it was only a “light” one and affected less than 1% of global searches. But Google warned that this could strengthen over time, and we have already seen with Mobilegeddon how Google can shake things up once it decides to put emphasis on a particular element of the web.

For a website that have a HTTPS protocol, the search bar in the browser will display a lock symbol, and on Google Chrome, the word “secure”. However, if it isn’t on HTTPS, you won’t see the symbol and users may consequently be more wary about what data they enter – especially if soon, they start to receive a warning about the site’s security.

Exhibit A: Search Engine Watch

Benefits of shifting to HTTPS

Makes your site secure

This is the most obvious benefit of shifting to HTTPS. When you are enforcing HTTPS on your site, you are guaranteeing that the information passed between the client and the server can neither be stolen nor intercepted. It is basically a kind of proof that the client’s data wouldn’t be messed with in any form.

This is great for sites that need the customers to log in and accept payments through credit or debit cards.

Encryption

Okay, so if someone even does manage to intercept it, the data would be completely worthless to them. In case you are wondering why, it is because they obviously wouldn’t have the key to decrypt it. As website owners, you would have the key to do so.

Authentication

You must have heard of middleman attacks. However, with HTTPS, it is close to impossible for anyone to trick your customers and make them think that they are providing their personal information to you, when in reality they are providing this to a scammer. This is where an SSL certificate comes into light.

Good for your site’s SEO

You definitely want your site to rank higher in the search engine results and HTTPS would contribute todoing that. With your site ranking higher, you would have more customers, an increased traffic and an improvement in your overall revenue. It’s not just us saying that – Google said so itself!

Now that you know all of its benefits, let’s look into the steps that you need to follow.

Getting an SSL certificate

SSL is the protocol that HTTPS uses and is something that you need to install. The SSL certificate would have your company name, domain name, address, country, state and your city. Several details including the expiry date of the certificate would also be mentioned here. Now, there are three different kinds of certificates that you can choose from.

Organization Validation and Domain Validation are the kind of certificates that you can get if you have an e-commerce site or a site that collects personal information from users. The third type, Extended Validation Certificates, are for testifying the legal terms of a HTTPS website.

You can purchase these certificates from a lot of websites. The prices differ, so compare them and then make a purchase. Once you have purchased one, get it installed.

Create your site’s URL map and redirect

The ‘S’ in HTTPS makes a huge difference in the URL. HTTP or HTTPS before your domain name are entirely different URLs. This implies that you would have to create copies of each and every page on your site and then redirect them. This redirection would be from your old HTTP page to the new HTTPS page.

It might all sound pretty complicated, but it isn’t in reality. Your URL map can just be a simple spreadsheet. When shifting from WordPress, all of the 301 (permanent) redirects can simply be added to the .htaccess file.

Work on getting at least one page working on the front end

You also have to work on getting your front end on HTTPS. If you’re not confident with the technical side of things, this can seem a little complicated. Therefore it is best to begin with just one page.

If you are an ecommerce site, you can begin with the page that accepts payments. This is the page where customers are sharing their personal banking details and therefore it has to be secure. There are several plugins available that can help you with this, such as WP Force SSL. With such plugins, you can easily force pages to be SSL.

Update internal links, images and other links

There will be several internal links throughout your site and these might redirect to your old HTTP page. If you have been using relative links, you have been lucky. However, if not, you would have to find each of the links and then correct it with the new URL. You would also need to correct links to other resources like stylesheets, images and scripts.

Also, if you use a content delivery network (CDN), you would need to make sure that the CDN supports HTTPS too. These days most CDNs support HTTPS, but not all of them. So, make sure that you check that too.

Re-add your site to Google Search Console

After you have made all the necessary changes, get Google crawling on it as soon as possible. If you don’t do it, your traffic would be affected negatively. But why is re-adding required? Well, it’s because a HTTPS site is considered a completely different and new site.

After that, submit your new sitemap in your new listing and above that, re-submit the old sitemap as Google will notice the 301 redirects and make the necessary updates.

Once you have carried out all of the steps, you may or may not notice a slight positive change in the search rankings. Whatever you do, make sure that the first step of installing an SSL certificate has been done correctly. Alternatively, you can also use plugins like Really Simple SSL, Easy HTTPS Redirection etc. to accomplish the task.

At the end of the day, the decision of switching to HTTPS is solely yours. If you just have a blog with an email newsletter that people can subscribe to, you might not need to make the switch. However, if you are an online business, switching to HTTPS would be a wise decision.

If you see some issues, keep researching and fixing them. Even if you’re not a technical person, it’s easier than you think.

Related reading

Google-Search-Console

Simple Share Buttons