Recently, there has been a lot of talk in the digital world around people making their websites HTTPS, with many saying they are waiting, and many saying they did it a long time ago. In this article I am going to discuss the best practices to securing your website with an SSL Certificate, I will talk about;
- What is HTTPS?
- How will switching to HTTPS benefit me?
- Consider which SSL certificate to use
- Things to remember when changing over
What is HTTPS?
HTTPS is basically the secure version of HTTP, which is the protocol over which data is sent between your browser and the site you’re trying to reach. The S on the end of HTTP means secure, and this is down to all communications between your browser and the website being encrypted if you use HTTPS.
How will switching to HTTPS benefit me?
Three layers of protection
Encryption. The data that is exchanged between the browser and the website is encrypted. This means that when users are on your website, nobody can “listen” to their conversations, track what they’re doing or steal their information.
Data integrity. When this transfer is happening, data cannot be modified, intentionally or otherwise, without being found out.
Authentication. Proves that your users communicate with the intended website. This helps prevent man-in-the-middle attacks and builds user trust, which translates into other business benefits, find out more about building consumer confidence here.
Google actually announced that using HTTPS on your website will give a minor boost to rankings, they stated that this will be a very small benefit, but could become more significant over time, but, as anyone who does SEO will know, any benefit is worthwhile.
Consider which SSL certificate you want to use;
Domain Validated (DV);
This is the lowest type of secure SSL certificate, however, it doesn’t require any validation from the certificate authority, so it is the easiest SSL certificate to obtain. A domain-validated certificate is either free or very cheap.
Organisational Validated (OV);
The Certificate Authority will need to check your site and company and validate it if you are trying to obtain an OV. This certificate will give users an insight into who is behind the site and should build confidence for users on this page.
Extended Validation (EV);
An Extended Validation SSL is the highest level of security you can have, the Certification Authority will do lots of very thorough checks, and it may take a long time to validate your site. This may also be a costly certificate, but it is the highest level. With this certificate, you will also be given the well-recognised green bar with your company name on it.
Things to remember when changing over
Update all links on the site to HTTPS.
This can be done through a find and replace in the website’s database, ensuring that all internal links now point to HTTPS, using the correct redirects to do so.
Crawl the website.
You should crawl your website before and after making the change and compare the two crawls, by doing this you can find any errors that may have occurred during the change over, and you can fix them swiftly.
Update your sitemap to ensure that it is using HTTPS versions of the URLs.
Make sure you’re not blocking your HTTPS site from being crawled using robots.txt.
Avoid using =noindex meta tags on any HTTPS pages.
Once you have completed all the steps to change over, and you have considered all the things to remember, you should have moved over to HTTPS seamlessly. The benefits of switching to HTTPS may not be instantaneous, but we are sure that having a secure site in the eyes of your users will be beneficial to your website over time.