Some industry experts including smart insights – digital marketing strategist Dave chaffey would argue you shouldn’t move every page on your site without fundamental data analysis and I agree.
Its of my opinion, however, that you can’t afford not to migrate if you do it correctly, especially if you have an eCommerce store. Although your checkout pages are already on HTTPS if you are making online transactions, the current developments make it a priority to transfer your whole e-store, all the pages, to HTTPS protocols. Why?
There are two reasons that make HTTPS indispensable for eCommerce businesses (if not all businesses). One has been there for some time, whereas the other reason has just been created…by Google. Let’s briefly discuss the classic reason first before moving to the disruption that Google has made.
More Security for Everyone
Internet security has been a major concern for consumer bodies, security providers, and industry organizations, who have been educating the market on the subject of security for the past 7 years. Thanks to their efforts, the majority of consumers today expect the information they provide over the Internet to remain secure. They will only provide their credit-card or other confidential information when they are absolutely sure that your website is secure.
For the non-technical, the “S” in HTTPS signifies “security”. SSL (Secure Socket Layers) and TLS (Transport Layer Security) are basically industry standards dealing with the integrity of the data passing between the browser and the web server. In both the protocols, the data is encrypted before it is transmitted, so that no third party can access the contents of the exchanges taking place between the server and the browser. The data is decoded when it is received by the server or your machine.
These days when you open an SSL or TSL certified website, Internet browsers like Firefox, Chrome, Safari, and others display a lock icon beside the address bar, indicating that the website is secure. As seen in this image taken from ProLimeHost.
If the site has an Extended Validation or EV SSL certificate, the address bar turns green, telling the user that they are visiting a secure domain. The green bar is what you want.
Using an EV SSL certificate an HTTPS address gives your customers confidence and protects you from phishing, hacking and other security threats that can compromise your business’s integrity. It’s good for business and can even increase conversion rates. However, website owners have been hesitant in switching to HTTPS domains, generally because of the following reasons.
- They are not sure what the change means and whether they need it
- The process is quite labor-intensive and they don’t have the time and/or the budget
- The cost of EV SSL certificate is an added overhead, something that most small businesses tend to avoid for as long as they can
You could afford to keep the migration to HTTPS on the back burner until a few weeks back, but not anymore. Google have increased the urgency.
Google Now Uses HTTPS as a Ranking Signal
On August 6, Google announced a much anticipated update to its search algorithm. Google crawlers now take into account HTTPS encryption when ranking websites. It means that the domains that are protected by SSL certified security have more chances of appearing higher in Google search results. The change currently affects less than 1% of global queries, but Google says it “may decide” to strengthen the search signal over time. The gradual application of the new signal is aimed at giving webmasters time to switch to HTTPS
We all had it coming, because Google has been calling for increased security and “HTTPS everywhere” for a while now. It shifted all its domains to HTTPS in March 2012, but webmasters and site owners were not very enthusiastic in embracing the change, because of the reasons I listed above. When Bing launched an HTTPS version of its search earlier this year, eyebrows were raised and HTTPS was taken seriously for the first time. Bing has not promoted the change, though, and has kept it optional. A vast majority of Bing users still get the HTTP version as you need to switch to HTTPS yourself.
Now that Google has already made SSL security a factor in determining website rankings, it is clear that the importance of HTTPS is only going to increase as times passes. As more and more customers become aware of the difference between a green address bar and a white one, and as Google expands the strike range of the HTTPS ranking signal, vendors hosting HTTP domains are going to find themselves at the lower end of the playing field. There’s even talk of Google incorporating security as part of its Panda algorithm.
How Does It Affect You?
There’s a storm coming, and you should be prepared. Do not take the limited coverage of the new ranking signal lightly. For one, with presumably trillions of queries being searched, your website may well fall within the affected 1%. Secondly, the new tweak is based on Google’s core value of keeping everyone safe on the web, which points the way things are headed. Thirdly, it’s not only the ranking, but also customer trust that’s at stake here.
There’s more. When a user clicks through to an HTTP domain from an HTTPS domain, the compatible browsers display a security warning by default, unless users disable it from the settings. When most other sites are on HTTPS, the customer coming to your HTTP website will get a rude popup, warning them that they are leaving for an insecure location on the web. Obviously, you can’t allow that to happen.
By sticking with HTTP, you’ll also lose the “referrer data” if the visitor is coming to your website from a secure domain. Referrer data helps you research the queries that your customer made before clicking through to your website from Google or Bing. Analyzing this data can give you important insights about your keywords. The information can be very helpful in optimizing your ROI and conversion rates.
This data is blocked when the user is going from an encrypted to an unencrypted connection in order to keep the security intact. As there’s no chance of a security breach when going from HTTP or HTTPS to HTTPS, the referrer data is passed along. So, if you are on HTTP and get a visitor from Google or the HTTPS version of Bing, you’ll not have any referrer data to analyze.
Be careful with your content management system or eCommerce platform. Some handle secure protocol in different ways – be sure to compare the different systems.
So…Should I Migrate to HTTPS?
Not if you run a blog or information website just for fun and don’t care about SEO and conversions. For all serious businesses, HTTPS will soon become the widely accepted standard of security and confidence. If you are an Ecommerce business, you should have been on HTTPS yesterday.
Are there any Down Sides of HTTPS?
Migrating to HTTPS sounds like a lot of work, and it is. But once completed, it will free webmasters from the hassle of having to maintain both HTTP and HTTPS pages, which can be nightmare if you are using WordPress. At present, most of the Ecommerce websites have SSL only on their checkout pages. Their product and content pages are still on HTTP.
You’ll need to pay for EV SSL certification, which can cost you around £150 per year and up. You may also notice that HTTPS is slower than HTTP, but if your hosting company supports SPDY, you will not have this problem.
What Do I Need to Do?
There’s no reason to panic, but you should start acting now if you’re still doing business on HTTP. Google has published elaborate guidelines for switching your domain from HTTP to HTTPS. Here are the tips that it recommends for switching:
- Decide the kind of certificate you need: single, multi-domain, or wildcard certificate
- Use 2048-bit key certificates
- Use relative URLs for resources that reside on the same secure domain
- Use protocol relative URLs for all other domains
- Check out our Site move articlefor more guidelines on how to change your website’s address
- Don’t block your HTTPS site from crawling using robots.txt (update your robots.txt)
- Allow indexing of your pages by search engines where possible. Avoid the noindex robots meta tag
If you already have an HTTPS domain, you can check your SSL certificates and pages for validity using Qualys Lab tool. You should make sure that you buy an EV (Extended Validation) SSL certification, because it’s that green address bar you want. Your SSL certification should support mobile, otherwise your mobile visitors may get a nasty warning every time they come to your mobile pages from a secure location. More information about moving your site can be found in this Google article.
After you have implemented HTTPS, you’ll need to test and retest your pages to see that none of you content triggers a security warning. You need to move your whole website— all URLs, third-party content, all the files, internal links, all of it, to HTTPS.
Is It Worth the Effort, and Expense?
The webmaster community is reacting to the change in different ways. Many feel that the latest tweak by Google will basically benefit SSL certification companies and big businesses. The need for added security on your content pages is debatable, especially when your checkout pages are already secure. But that is not the point.
The real reason for shifting to HTTPS was summed up very well in a blogger’s comments that I stumbled upon when researching for this post.
“We moved to a full HTTPS site. I think speed is not the (main) issue here. Winning and earning trust of your visitors is. It is worth every penny.”
You have the controls now. What does the HTTPS update mean to your business? Did you find this post helpful? Share your thought with us in your comments.