In recent years, we have heard about the generalization of the HTTPS protocol to all Internet sites. Until then, the https protocol was reserved for secure payment platforms. And to sites processing ultra-confidential data: merchant sites, banks, government sites, etc. Today, https aims to expand universally and to replace http. But what is the definition of https? Why go to https? How to migrate and especially how to successfully migrate https, what is the https checklist? And finally, what impact will https migration have on SEO?
Definition of the http protocol in a very simple version
HTTP is the acronym for HyperText Transfer Protocol. It is a client/server communication protocol developed for the Web. That is to say a communication protocol between the computers of Internet users and the servers that host the websites.
What exactly is https, huh?
HTTPS is the acronym for HyperText Transfer Protocol Secure. The https protocol is the http insecure version (“s” for secure). We simply add a TLS certificate (Transport Layer Security) or SSL (Secure Sockets Layer) which will encrypt and therefore protect the data which passes between the “clients” and the servers. When a visitor arrives at a website, his “client” computer verifies the identity of this site. Your website will, therefore, be secure if you install a data encryption certificate. In practice, this means that the information that your site will transmit to the Internet user will be encrypted. This encryption will prevent anyone from intercepting information that passes from your webserver to the visitor’s computer.
What is the difference between http and https?
The difference between http and https is, therefore, the use of data encryption to make a website safer to use. This security was aimed more at e-commerce sites because to buy online, you are obliged to communicate your personal data. If your first and last name were not strictly confidential, it is not the same for your address, or your credit card number.
With an SSL certificate, sensitive data transmitted on websites are safe from malicious acts.
How do I know if a site is secure in Fort Knox mode?
Or how to put https in green? When a website is secure, its url includes an “s” after http (like here: https://www.dmtwebhosting.com). In addition, a small green padlock is displayed to the left of the url bar, indicating that the site is completely secure. Sometimes a black padlock appears, which indicates that the site is only partially secure.
How do I know if an online payment is secure?
And avoid having your CC number stolen on the 1st purchase? In the same way, it is, therefore, enough to look if the http protocol is followed by the “s” and if the small padlock in the url bar is indeed green.
Why go to https?
1 / For data security, yes!
Switching from http to https is primarily intended to secure the transfer of personal data between the user and the site. If you want to secure information about your subscribers and customers, it is imperative to migrate to https.
2 / To reassure your customer’s Internet users
Your website will be reassuring for the user; it will be more confident. Assuring him that his data is in good hands.
3 / To improve web security because it is your mission on earth
In its Chrome browser, Google has displayed, since 2017, a mention “Not secure” in front of the URL bar of a site that does not use an SSL certificate. Marking its will to secure all transactions on the web and make the Internet more secure.
4 / Not to penalize your SEO by shooting him in the foot
Imagine that Google starts by posting a message in the url, then puts penalties on non-https websites (or bonuses on https sites), there is only one step. Indeed, it will be very easy for the American giant, during a next version of the algorithm of its search engine, to penalize http sites in favour of https sites. That is to favour a search result coming from a site in https, rather than that of a site in http.
In this regard, Google announced in February 2018 that it would display the words “Unsecured” from July 2018.
How to migrate your site to https? How to successfully migrate?
In the preamble, note that you should no longer install the https protocol on certain pages only (payment page for example). It is better to install it on the entire website (on all pages). So here is how to put your site in https, and right after, I would summarize the whole in an https migration checklist.
In the title of this paragraph, I used the term “migrate” because it is a true https migration. It is not enough to install a security certificate. After installing TLS or SSL, you need to perform a set of actions so that your site looks exactly like the old one. But with https instead of http. This is almost equivalent to a change of domain name because you go from http: //www. dmtwebhosting.com to https: //www. dmtwebhosting.com.
1 / Choose the TLS SSL certificate: the one you need
There are 3 levels of SSL security.
SSL DV certificate
The first with a simple DV type certificate with Domain Validation. There are paid and free ones.
OV SSL certificate
The second OV type with Organization Validation only exists in the paid version. It secures at the intermediate level by authenticating the publisher and Internet users.
SSL EV certificate
The third type of EV with Extended Validation (“Extended Validation”) provides stronger security in return for an even higher price (but including extended guarantees).
Note also that the second and third certificates are much more restrictive to obtain than the first.
2 / Install the SSL certificate on your website
Installing a DV certificate “Domain validation” is quite simple. It may be provided by your web host. This is the case of DMTwebhosting with SSL DV Let’s Encrypt free and preinstalled that you just have to activate for the domain name of your site. The majority of websites will be content with the first simple certificate. For specific applications, contact an expert to purchase the second or third level of security.
3 / Make permanent redirects (301) from http to https
Setting up https on its site requires redirecting from the “old” site in http to the “new” in https: http> https. This will avoid losing your SEO and will guarantee that a backlink to any content on your site in http is redirected to the same content whose url now starts with https. And transparently to the user. The 301 redirects will also prevent search engines from considering your site to publish duplicate content.
4 / Modify the url of internal links and images
The touchiest and difficult part to operate.
a- Do you use a CMS that works with relative URLs?
These are URLs that do not refer to whole paths, but to relative paths. For example, to reach the page of this blog, this system would use this url: / blog / or. /blog/. This is the full url without the http (s), the subdomain, the domain, or the extension. The system assumes that all URLs start with https://www. dmtwebhosting.com and therefore simplifies matters by only indicating in the URL what comes after this common core. In the case of relative URLs, it’s very simple, there is nothing to do, just check 😉
b- Do you use a system that works with absolute URLs?
These are URLs that refer to entire paths. For example, to reach the page of this blog, this system would use this complete url: https://www. dmtwebhosting.com /blog/. In the case of absolute URLs, it is more complicated. For a site that does not have many pages, it is possible to modify the URLs “by hand”. On the other hand, if your site contains as many pages as “Les miserable”, you must use a script capable of modifying the fields in the database. And automatically apply the changes to the entire site. If you need a helping hand, you can contact me, I would be happy to help you 😉
5 / Edit the robots.txt file
For example, if you have a WordPress site with a plugin that manages SEO, your site has a priori a dynamic sitemap, which is usually found at the root www. dmtwebhosting.com /sitemap.xml. In the robots.txt file, which is also found at the root www. dmtwebhosting.com /robots.txt, one of the best practices is to place the address of this sitemap there. You must, therefore, verify that your robots.txt file is present and that it contains the url of the sitemap. And if so, replace this url in http with that in https.
6 / Declare your flame site at Google
The https migration corresponds to a change of url. You must, therefore, re-declare your (new) website (in https) to Google. This is managed in the search console of your Google account: you must create a new site by selecting “https: //” instead of “http: //” in the menu. If you have an analytics account, simply replace “http: //” with “https: //”, you will keep your attendance statistics.
7 / Declare the sitemap to Google (and to Bing)
Just like when you create a new website, you must declare the (new) sitemap with the new url starting with https, in your Google search console and in the webmaster tools if you use those of Bing. Note that if your old sitemap on http contains the new 301 redirects to https, it can be clever to submit its update in the old property in order to inform Google in a proactive way.
8 / Test your site in https
The last item in this https checklist is the test. Indeed, it is necessary to test, test and re-test to verify that everything is working and that the green padlock is displayed permanently and not partially.
What will be the impact of an https migration on Google SEO?
The most important point is to manage to mobilize to do all of the migration in stride. In a few hours so as not to lose traffic. There must be a minimum of time between the start and the end of the https migration, so as not to penalize the position of your web pages in search engines. A page which changes url and which is not redirected will generate a 404 error which will penalize your SEO. Just like calling an image, a style or a function: the absence of an error of redirection will imply a functioning or display problem.
So, in conclusion, https migration yes or no?
Definitely yes. Google in its help page recommends adopting the https protocol: “We encourage you to adopt the HTTPS protocol in order to allow Internet users to view your website securely, whatever it’s content. “And announces the appearance of the mention” Not secure ” from July 2018 if your site is not.
But it is not a trivial operation for individuals or small structures. Because they do not necessarily have the means to turn to an expert if they do not have the human or financial resources to do it themselves. For the creation of a new site, the question does not arise. It must be mounted in https as soon as it is put online using free SSL certificates to get started. In the case of an existing site, the financial weight of the https migration must be weighed in relation to SEO issues in particular.
About the author
DMTwebhosting.com’s Editorial Team prides itself on bringing you the latest web hosting news and the best web hosting articles!
You could also link to the news and articles sections: