Why your website needs an SSL Certificate
In this article we look at one of the must-haves for a website, a SSL Certificate. Which type do you need and more importantly, why do you you need one at all?
Why We need SSL
Essential Since October 2017
As of October 2017, Google Chrome will start to warn people with this message:
Google is supporting our move to what’s called ‘The Encrypted Web’, a push to essentially force every website to be secured by SSL. This means that if your website doesn’t have an SSL Certificate, you won’t be getting traffic from Google. Let that sink in for a moment.
Some common myths associated with SSL:
- You’ll hear people say, ‘If you don’t have sensitive information on your website or if you are not selling a product or service where someone buys online, then there is no need for an SSL certificate.”
- SSL doesn’t increase security.
- You don’t need an SSL for a blog
- Encrypting all pages on your website will only slow them down.
5 Reasons why your company’s website should have HTTPS
- It’s the right thing to do for your website users by transferring information securely from your website to their devices (and vice versa).
- You can have a faster loading website by using HTTP2. Again a net win for you and your users.
- You are future proofing for what the search engines and browsers (like Chrome), expect you to do.
- It’s a positive ranking factor, and that is straight from Google’s mouth. And Brian Dean’s research of analyzing 1 million search results proved that, in fact, many of the first page results on Google have a strong correlation with sites that have HTTPS. Just see his image of this data below.
- Improved analytics data from referral traffic. When traffic passes to an HTTPS site, the secure referral information is preserved. This is unlike what happens when traffic passes through an HTTP site, and it is stripped away and looks as though it is “direct traffic” on most analytics software.
Think you can do it yourself? Here is our Before, During and After setup of SSL Checklist and as you can see to do it properly you need an expert.
The Ultimate Checklist for Migrating from HTTP to HTTPS
Before Launching HTTPS Checklist:
- SSL Certification Setting – Get, configure and test the TLS certificate using SHA-2 for SSL on the server.
- Google Search Console Registration – Register both domains HTTP & HTTPS in Google Search Console, along with your www and non-www versions. If you also had registered individual subdomains or subdirectories in the Google Search Console, replicate that registration & configuration with their https version.
- Rankings Monitoring – Be sure to benchmark your rankings in both Google and Bing prior to changing your website to the https
- Current top site pages & queries identification – Identify the top pages and related queries- attracting organic search visibility & traffic so you can prioritize when validating & monitoring the site performance. It’s a great idea to mark notes in Google Analytics timeline.
- Crawl the current website – Crawl the current website and find any broken links and technical issues and be sure to fix those issues first before moving HTTP to https.
- New HTTPS web setting with updated internal links – Set the new web version to make the new changes too. Be sure to test & update the links on a stage environment. It’s common to remember to point to the URLs to the new destinations, but often people forget files like images, js, pdfs, etc. Be sure to point all files to the new HTTPS structure.
- New HTTPS Web canonicalization – Update the canonical tags to include absolute URLs using https on the stage environment.
- New HTTPS Web canonicalization – Verify in the stage environment that all of the already existing rewrites & redirects behavior (non-www vs. www; slash vs. non-slash, etc.) are also implemented in the https Web version as they used to work on the HTTP one.
- Redirects preparation – Set the new Web version to make the changes, test & update the links on a stage environment, to point to the URLs (pages & resources such as images, js, pdfs, etc. too) with HTTPS.
- New XML Sitemap Generation – Generate a new XML Sitemap with the URLs with https to be uploaded in the HTTPs Google Search Console Profile once the site is moved.
- Robots.txt preparation – Prepare the robots.txt to be uploaded on the https domain version when the site is launched replicating the existing directives for HTTP, but by pointing to the https URLs if necessary.
- Campaigns updates preparation – Prepare changes on any ads, emailing or affiliates campaigns to start pointing to the https URLs versions when the migration is done.
- Disavow Configuration – Did you have a penalty at some point and needed to submit a disavow list? Verify if there were any disavow requests submitted in the past that will need to be resubmitted again for the https URLs versions in its own Google Search Console profile.
- Geolocation Configuration – If you’re migrating a gTLD that you are geo-targeting through the Google Search Console (as well as its subdomains or subdirectories, in case you’re individually geo-targeting them), make sure to geo-target them again with the https domain version.
- URLs Parameters Configuration – If URLs parameters are handled through the Google Search Console the existing configuration should be replicated in the HTTPs site profile.
- CDN Configuration Preparation – If a CDN is used verify that they will be able to properly serve the https domain version of the site and handle SSL when the migration is done.
- Ads & 3rd-Party Extension Preparation – Verify that any served ads code, 3d party extensions or social plugins used on the site will properly work when this is moved to https.
- Web Analytics Configuration Preparation – Make sure that the existing Web Analytics configuration will also monitor the traffic of the https domain. This often means setting up new profiles in Google Analytics, Adobe Omniture, etc.
During an HTTPS Launch Checklist:
- HTTPS site launch – Publish the validated https site version live (kinda obvious), but what the heck!
- Validate that New HTTPS URL structure – Make sure the HTTPS site version is the same than the one in the HTTP
- Validate internal links – Verify that the site’s internal links are pointing effectively to its HTTPS URLs
- Validate the new HTTPS version canonicalization – Verify that the canonical tags on the pages are pointing to its HTTPS URLs.
- Validate new HTTPS version canonicalization of redirects and rewrites – Implement the rewrites and redirects from www vs non-www, slash vs. without slash, etc. in the new HTTPS Web version.
- Validate HTTP to HTTPS redirect implementation – Make sure the implementation of the 301-redirects from every URL of the site from its HTTP to HTTPS version are working.
- Web Analytics Configuration – Annotate the migration date in your Web Analytics platform & verify that the configuration is set to track the https Web version.
- SSL Server Configuration Validation – Verify the SSL configuration of your Web Server. You can use services like https://www.ssllabs.com/ssltest/
- Robots.txt Update – Refresh the robots.txt setting in the https domain with the relevant changes.
After a HTTPS Launching Checklist:
- HTTPS crawling validation – Crawl the site to verify that the HTTPS URLs are the ones accessible, linked and served without errors, erroneous no-indexations & canonicalizations & redirects.
- New HTTPS site redirects validation – Verify the redirects rules from http vs. https, www vs. non-www & slash vs. non-slash are correctly implemented.
- XML Sitemap Release & Submission – Upload & Verify the generated XML sitemap with the https URL versions in the https Google Search Console profile.
- Official external links update – Update official external links pointing to the site to go to the HTTPS version (Social Media profiles partner sites, etc.).
- Ads & 3rd-Party Extension Validation – Verify that any plugins like social buttons, ads & 3rd party code are correctly working in the HTTPS URLs versions. You can scan your Website to look for non-secure content with https://www.jitbit.com/sslcheck/.
- Campaigns update Execution – Implement the relevant ads, emailing and affiliate campaigns changes to correctly refer to the HTTPS Web version.
- HTTPS Crawling and Indexation Monitoring – Monitor the indexation, visibility & errors of both the HTTP & HTTPS site versions.
- HTTPS Rankings & Traffic Monitoring – Monitor both HTTP & HTTPS site versions traffic and rankings activity.
- Robots.txt configuration validation – Verify the robots.txt setting in the https domain to make sure the configuration was properly updated.
It’s not easy to get right, you need an experienced developer to manage this for you. As seen from this infographic, up to 90% of sites do not have their SSL setup correctly!
Digital Marketing Techniques come and go,
but a solid DIGITAL STACK outlives them all
About the Author: Brad Jeffery
Chief Bottler - BottledCode
Brad is the Founder of BottledCode. He is also the Founder of IdeasKicker.com and is the inventor of the term Crowd Vetting. In 2005 he co-founded RealXstream.com, a video streaming service for the extreme sports industry and in 2014 was a senior tech lead on the largest FinTech project in the Southern Hemisphere. He also spends his time running multiple e-commerce sites as well as the owner of Made in the Gong, a makerspace. Over the last 20 years he has built hundreds of websites, apps, middleware, plugins and services and has a passion for marketing & developing automated business processes through software.