With the online environment becoming more and more complex and cyberattack becoming more and more frequent, online security issue is regarded as a burning problem that need to be addressed quickly.
In fact, the Internet security topic never dies down, but is always a staple issue in front of online users. It is related to not only the site security, but also their business or profits. If you are keen to have a higher ranking in search results, then you have to pay attention to it.
To make your site more Google friendly, you have a lot of things to go, which makes it a miracle to run your business during that time. What we want to emphases is that there are some important Google ranking factors to help you improve their site performance to get better rankings, such as boosting your site speed, making your site mobile friendly, or enhancing your site security.
Just like we mentioned in the beginning, security is really important and becoming more and more challengeable task in the future. If you pay attention to Google announcements on the ranking factors, you must notice these factors:
- Load speed
- Mobile friendliness
In the three factors, you can switch to a SSD hosting, which is enough to address the first factor for many small businesses; if you are to considering the second factor, you can go for a ready-made template or using a mobile site builder to keep the costs down; to handle the third one related to security, you can choose to switch to a secure HTTPS hosting which will involve purchasing a reliable SSL certificate.
In this post, we are to cover the third factor and the guide for it.
What is HTTPS? How important is it?
If you ever pay attention to the browser bar of the site you are browsing, and have a look at the site’s address, you can notice that most of them have the beginning with HTTP, namely Hypertext Transfer Protocol. It is a way of describing this system allowing the distributed systems to communicate with others.
Besides, you may notice that there are some sites starting with HTTPS. Actually, the “S” is “Secure”, which presents that the link between the site and your computer is secure. If not, the padlock symbol may be more similar to you. When it appears and you find a green browsing bar, it means the site’s address start with HTTPS.
How does HTTPS work? It will create the encrypted connection between the site and your devices you are browsing on. So, it can protect the data from being intercepted by others between the site and your devices.
For those website accepting sensitive data and confidential information like login passwords and payment card details, to protect their data security is very important.
In the past, HTTPS was pretty much to e-Commerce websites to accept payment, and just used in the payment fields. Things always change. In recent years, more and more websites have switched to HTTPS to ensure the entire website to be secure.
Actually, this situation is an ineluctable tendency. With the Internet technology development, as people enjoy the convenience the advanced technologies bring for them, they also have to face the converse side of the coin. More sensitive information is stored online, more risks the websites are taking. With the increased safety awareness and Google’s clear ranking factor of HTTPS, it is time to switch your site to a HTTPS hosting.
What’s the point of the importance of HTTPS for you! It is good for your Google ranking, website security, and your reputation online!
However, how to make the switch? It requires an SSL certificate. In below, we’d like to introduce some details about SSL certificates, so that you can understand which type fits your site.
About SSL Certificate & Your Options
In general, if you need an SSL certificate, your web hosting provider can offer you. Actually, SSL certificates are just the data files which bind encrypted “keys” for your site to keep the connections between your site and the visitors’ devices are secure.
An SSL certificate can activate the green browser bar or the padlock, which depends on the SSL certificate types and can make sure the link is the secure HTTPS.
SSL Certificate Types
When you are choosing your SSL certificate, you will find that there are many different types available, which come with multiple pricing structure and feature packages. But the way of SSL certificates working is the same, so you will not receive more secure connections when you pay more. There are four SSL types:
Domain Validated SSL – the cheapest SSL type. Normally be issued within minutes or even immediately. To activate it, you need to prove the ownership of the domain only! It will show the padlock in your browser bar, and is valid for one single domain.
Wildcard SSL – includes the same cheap pricing, easy-of-use, and other features as DV SSL. Differently, Wildcard SSL certificates can secure one single domain and its first-level subdomains. Therefore, this one has very high price value.
Organization Validated SSL – This type of SSL is more expensive than the two above, which requires verifying your domain ownership and your company ownership. It usually takes 1 to 2 work days to complete. After activation, it will show the padlock in your browser bar.
Extensive Validation SSL – this EV SSL requires verifying many details about your companies. For instance, Certificate Authorities will verify whether the organization or company legally authorities you to buy an EV SSL certificate; whether the organization or company owns the domain the EV SSL will secure; or whether your site is active. Additionally, the company or organization’s name, address, and phone number will be verified as well.
So, EV SSL certificates are the most complex but have the highest trust one. Usually takes 3 to 4 work days to complete the validation, and after that, your site will show the green browser bar.
Google Chrome, MS Internet Explorer 7x, Firefox 3x, Apple Safari 3.2x, iPhone Safari 3.0x, and Opera 9.5x, will identify EV SSL and activate the security enhancements in browser interface.
How to Switch from HTTP to HTTPS
Now that you have learnt these SSL types, we can move to the steps of install one right for your site and begin to switch your site to HTTPS.
Actually, before making any steps, you should understand that there are some steps very straightforward, but also some require a certain degree of your technical knowledge. That matters before you set out.
Therefore, if you are really not comfortable to make these changes, then we would certainly recommend you to use the web developer’ services and use this detailed guide as your checklist so as to ensure everything has been done well.
Depending on your technical expertise level as well as your web hosting you are using, you are likely to conduct part of the work in following list or even all. If you are using a VPS hosting or dedicated server, you may not need your web hosting company’s help, you can complete the SSL certificate signing request and even approve the certificate yourself. If you are in doubt, you can check it with your web hosting provider.
Step 1: Buy & install an SSL Certificate
For convenience, we believe most users will purchase their SSL certificates from their web hosting providers, because the companies will offer hands with the SSL certificate installation.
To make things simple, we will assume that you but a DV SSL requesting simple vilification process. Once your make the SSL certificate order, you will receive an automatic email to a pre-defined email address enabling you to prove your domain ownership.
It is normally like [email protected]
You can decide whether you go with an SSL certificate having www. or without, which all depends on your own preference. Of course, you may be not sure about that, so you can just stick it with www. before your domain.
Once you take the SSL certificate code, you will install it on your server. Note, this process can ask for your provider’s assist.
Step 2: Back up Your Website Files
This is a must step whenever you are to make any changes to your website, which is the equivalent of plan B so that you can always get a site files’ copy in case that you encounter any problems.
You can do it by yourself if you are offered an easy-to-use control panel, such as cPanel. Or you can contact your provider to consult these, because some providers will cover this part and some of them request a paid service.
Step 3: Update the Internal Links of Your Website
When you check all the internal links of your website, you can find that they are using HTTP. So, it means, to switch to HTTPS, you also need to update these HTTP link to HTTPS links. We will show you a redirection technique in a few steps.
If you are just running a small and simple website with several pages, then you can perform it and it won’t take too long. However, if you have a complex website, then we recommend you to make use of a tool to automate these steps.
Step 4: Update External Links Pointing to Your Website
During the process of switching to HTTPS, if there are external links which link to your site, then they will still point to the previous HTTP version. So, you need to update these external links to HTTPS as well. you can still use the redirection technique in a few steps, but if there is any external website in which you control over your own profile, then you need to update its URL so as to point to your HTTPS version.
You can refer to the good examples such as your social media profile, GoogleMyBusiness, and other directory listings including your profile page which you can control.
Step 5: Set up a 301 Redirect
If you are not familiar with these technical things, you’d better to get expert assistance. In fact, this step is very straightforward and does not take much time, but we think you should understand what you are doing.
With a 301 Redirect, it is that you are telling Google the page has been moved to another address permanently. In this practice, to set up a 301 Redirect is to tell Google all the HTTP pages on your website are updated to HTTPS now, and the 301 Redirect will enable Google to get the right pages.
If you are using a Linux web hosting, then the setup of 301 Redirect can be done by the .htaccess file. If not, you can talk to your provider to get advice about this.
Step 6: Update Your CDN for SSL
This step is not a must, because not every user using a CDN. It stands for the Content Delivery Network and is actually a geographically distributed server set which stores the copies of your website files, and they show these copies to your audience form a geographically close server so as to boost the page load time.
Besides performance improvements, the CDN service can also enhance your site security, because these geographically distributed servers are able to monitor, identify and stop the malicious traffic reading your site.
You can contact your web hosting provider to learn whether you are using it. If not, then you can move on to the step 7. However, if you are, then you have to contact your CDN company and ask for the instructions to update SSL, so that your CDN system can recognize it.
Step 7: Check All Links in Your Automated Emails & 3rd-Party Tools
To make the site management easier, users usually take advantages of many additional tools, like billing systems, landing page generators, and email autoresponders.
Just like the enteral links, you need to check them through and update all of them pointing to the HTTP version.
Step 8: Update Your Pay Per Click Content
Similarly, if you’re using the paid search, then you’d better to check these links again for the landing pages.
In step 5, setup a 301 Redirect will include this, but we believe it will be best to double check for any omissions and change them.
Step 9: Update Google Accounts
In the end, you also need to update your Google accounts, including Google Analytics and Google Webmaster Tools. You need submit your HTTPS version as well as SiteMap for Google Webmaster Tool, and switch your default URL to the HTTPS for your Google Analytics account.
HTTPS now is the minimum standard the Internet requires. Also, Google has been promoting it by taking it into the ranking factors. By following this step-by-step guide, and asking some help from a web developer or your web hosting company, you can do this well. Try to be careful especially when you are checking the internal and external links, and be patient to fulfill these steps to enjoy the comfort in the future because it is just a one-off task.