Online security is increasingly important. One way that you can start to secure your website is by switching to HTTPS Hosting.
This involves using an SSL Certificate. SSL stands for Secure Sockets Layer and this is a way of creating an encrypted link between the computer browsing your website and the web server that hosts your website.
In this post we’ll run through the basics so that you understand the process and can switch your website to HTTPS if you want to.
Why Switch To HTTPS?
As mentioned above, HTTPS offers a secure method for hosting your website. It can be recognised by the padlock in the browser bar or, depending on the type of certificate you order, by a green browser bar, as we shall see shortly.
But apart from the obvious security considerations, Google is encouraging website owners more and more to embrace security in their bid to make the internet more secure for everyday users.
In fact they have even stated clearly that HTTPS is a ranking signal. What this means basically is that Google will look favourably on websites that adopt HTTPS and take that into account when determining their position in their search rankings.
Types Of SSL Certificate
There are numerous types and brands of SSL Certificate, and whilst they all work using the same principle, they do offer different features. Here is a high-level overview:
- Domain SSL – Most popular type of SSL. Browser Padlock shows. Domain Name only appears in browser bar. Low cost and instant issue. No paperwork, no waiting. Limited to one domain only.
- Wildcard SSL – Same as Domain SSL but extends to subdomains of this domain (not available on Extended SSL – see below).
- Organization SSL – More expensive SSL with domain ownership and Company verification required. Usually issued in 1 to 2 business days. Browser Padlock shows with Domain Name & Company Name appearing.
- Extended SSL – Most expensive type of SSL, which requires domain ownership and Company verification as well as legal, physical & operational verification. Usually issued within 3 to 4 business days. Extended validation with green browser bar showing company name.
Purchase & Installation Of SSL Certificate
For the purpose of brevity we will assume that a Domain SSL is being purchased and installed because we are concerned with the installation of the SSL and the switch to HTTPS rather than the vetting procedure of the Organization or Extended SSL.
We will also assume that your hosting company will create the Certificate Signing Request and perform the installation of the certificate.
You can purchase an SSL Certificate from your hosting company. You should decide whether you want to have a certificate with www. or without www. This is purely down to personal preference.
Once you have placed your order you will receive an email asking you to confirm that you approve the Certificate. This email can only be sent to one of a number of pre-authorised email addresses e.g. [email protected] – it cannot be sent directly to your personal email address. We raise this point so that, if you don’t receive that email, you know to double check with your hosting company where it has been sent.
Your host will then assign a Dedicated IP address for you and install the SSL Certificate for you.
Backup Your Website
As a security measure before switching your site to HTTPS we recommend making a full backup of your website.
If you have cPanel you can perform a full backup there.
This is an optional step and is only in case there are any issues and you need to restore your files.
Configure Hard Links In Your Website
If you have a small website you can do this by hand or get a Developer or Designer to make these changes.
However, if you have a large site, maybe hundreds or even thousands of pages, there are tools that can help you to do this very quickly.
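As an added example (not part of the original post), here is one way to find hard-coded http:// URLs in a page with Python's standard library. The host names, the sample page and the names `HardLinkScanner` and `scan` are assumptions made for this illustration; resources a page loads over http:// are the ones browsers treat as mixed content once the page itself is served over HTTPS.

```python
from html.parser import HTMLParser
from urllib.parse import urlsplit

URL_ATTRS = {"href", "src", "action", "poster", "data"}
# Tags whose URL the browser fetches while rendering the page.
LOADING_TAGS = {"script", "img", "iframe", "audio", "video", "source", "embed", "object"}

class HardLinkScanner(HTMLParser):
    def __init__(self, own_hosts):
        super().__init__()
        self.own_hosts = {h.lower() for h in own_hosts}
        self.findings = []  # (line, tag, attribute, url, kind)

    def handle_starttag(self, tag, attrs):
        rel = (dict(attrs).get("rel") or "").lower()
        loads = tag in LOADING_TAGS or (tag == "link" and "stylesheet" in rel)
        for name, value in attrs:
            if name not in URL_ATTRS or not value:
                continue
            parts = urlsplit(value.strip())
            if parts.scheme.lower() != "http":
                continue  # https and relative URLs need no change
            if loads:
                kind = "subresource"    # mixed content once the page is on HTTPS
            elif (parts.hostname or "").lower() in self.own_hosts:
                kind = "internal-link"  # change to https:// or a relative URL
            else:
                kind = "external-link"  # change only if that site serves HTTPS
            self.findings.append((self.getpos()[0], tag, name, value, kind))

def scan(html, own_hosts):
    scanner = HardLinkScanner(own_hosts)
    scanner.feed(html)
    scanner.close()
    return scanner.findings

# Constructed sample page (example.com names are placeholders).
SAMPLE = """<html><head>
<link rel="stylesheet" href="http://www.example.com/css/site.css">
<link rel="canonical" href="http://www.example.com/about">
<script src="https://www.example.com/js/app.js"></script>
</head><body>
<a href="http://www.example.com/contact">Contact</a>
<a href="/pricing">Pricing</a>
<img src="http://cdn.example.net/logo.png">
<a href="http://partner.example.org/">Partner</a>
</body></html>"""
for finding in scan(SAMPLE, {"www.example.com", "example.com"}):
    print(*finding, sep="\t")
```

Fix the "subresource" findings first, since they are the ones that break or trigger warnings on an HTTPS page.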
Update Tools & Code Libraries
This usually won’t apply unless you have a larger, more complex website.
Change Any External Links Under Your Control
If you have external websites pointing to your site (i.e. backlinks) you should change any that you have under your control from HTTP to HTTPS. Mostly these will be things like directory listings.
Most of the time, though, they won’t be under your control, but don’t worry about this, as you will be making changes later that will redirect any HTTP traffic to HTTPS.
Implement 301 Redirects
A 301 redirect is a permanent redirection that you can set up to tell any HTTP traffic to now go to the HTTPS equivalent.
If you are not an experienced Web Professional then this is probably best left to a developer.
Depending on your webserver you will need to set up sitewide redirection. Here are the most common options:
- Apache or LiteSpeed (drop-in Apache replacement which Pickaweb uses) – update the .htaccess file
- Nginx – update the Nginx config file
- Windows Web Server – update Internet Services Manager
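Whichever server you use, the result can be checked the same way. The following is an added example (not from the original post) that inspects captured responses to http:// requests and reports redirects that are not permanent, do not land on HTTPS, leave the site, or drop the path or query string. The function names, host names and captured responses are constructed for this illustration.

```python
from urllib.parse import urljoin, urlsplit

def check_redirect(requested_url, status, location, site_hosts):
    """Return the problems found in one captured response to an http:// request."""
    problems = []
    if status != 301:
        problems.append(f"status {status} is not a permanent (301) redirect")
    if not location:
        return problems + ["no Location header"]
    src = urlsplit(requested_url)
    # A relative Location is resolved against the requested URL, as a browser would.
    dst = urlsplit(urljoin(requested_url, location))
    if dst.scheme.lower() != "https":
        problems.append("Location does not use https://")
    if (dst.hostname or "").lower() not in site_hosts:
        problems.append("Location points at a host outside the site")
    if (dst.path or "/") != (src.path or "/") or dst.query != src.query:
        problems.append("path or query string is not preserved")
    return problems

# Constructed captures: (requested URL, status code, Location header).
SITE_HOSTS = {"example.com", "www.example.com"}
CAPTURES = [
    ("http://www.example.com/shop?item=42", 301, "https://www.example.com/shop?item=42"),
    ("http://www.example.com/shop?item=42", 302, "https://www.example.com/shop?item=42"),
    ("http://www.example.com/shop?item=42", 301, "https://www.example.com/"),
    ("http://example.com/blog/", 301, "http://www.example.com/blog/"),
    ("http://www.example.com/", 200, None),
]

def audit(captures, site_hosts):
    """Check every capture; an empty problem list means the redirect is correct."""
    return [(url, check_redirect(url, status, loc, site_hosts))
            for url, status, loc in captures]

for url, problems in audit(CAPTURES, SITE_HOSTS):
    print(url, "OK" if not problems else "; ".join(problems))
```

The third capture is the one to watch for on a sitewide rule: every old URL redirecting to the home page instead of its HTTPS equivalent.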
Update Content Delivery (CDN) SSL
A CDN is a geographically dispersed set of servers that hosts your website’s files in different servers across the globe to present your site via the server closest to the person browsing. As well as offering advantages in terms of speed it can also aid security by identifying threats and preventing them being uploaded to your site.
First you should double check with your hosting company to verify if you are using a CDN. If you are not then you can ignore this step.
If you are using a CDN you must double check with the CDN support team how to update their system to recognize your SSL Certificate. If in doubt you should ask a Developer to assist with this step.
Update Links In 3rd Party Tools & Transactional Emails
If you’re using any third party applications such as an email marketing tool, marketing automation or Customer Relationship Management tool then you’ll need to run a manual check on any links that you’ve created there to make sure they’re all up to date.
Likewise if you have a billing system your transactional emails such as welcome emails and any invoice emails need to be updated to reflect the change. Of course the redirection you’ve set up previously will forward any HTTP links to the HTTPS equivalent but it’s always more professional to correct these.
If you use a tool like Live Chat then you may have canned responses and you should check these too to ensure that your customer service team are passing out the correct HTTPS URLs in their responses.
Update Landing Pages & Paid Search Links
If you have any landing pages set up then these will have been updated automatically by the 301 redirect but for completeness you should double check these.
Also check the links you are using in your paid search tools, whether that’s Google, Facebook or whatever.
Also if you use a Landing Page generator like Unbounce then you should update your settings there to reflect the switch.
Update Google Search Console & Google Analytics
Finally you need to make sure that you update your Google Search Console (Google Webmaster Tools) by submitting the new HTTPS site as well as re-submitting your sitemap.
Also don’t forget Google Analytics to make sure that you can get the correct analytics. That’s just a question of setting the ‘Default URL’ to HTTPS.
Switching to HTTPS has a few steps involved. But increasingly security is important and sooner or later you will need to make the switch.
Choose the right sort of SSL for your needs. There are several types, and whilst they all work the same, there are varying degrees of verification and differences in how the browser displays them, such as the green browser bar.
If you host with Pickaweb we will help to install the SSL certificate. In terms of switching your website to SSL, if you are not an experienced web professional and you are not confident with technology then you will need the help of someone with that experience.