Google announced in August 2014 ranking websites in the organic search results was going to include if the website was using an SSL certificate for the entire website. This would mean using a SSL 2048-bit key certificate (preferably using SHA-2) and provide a small ranking benefit.

Google did mention the algorithm change would carry “less weight than other signals such as high-quality content.” While this may carry less weight in improving the ranking position of a web page, what do you think the algorithm will do if your website is not using an SSL certificate? After all Google added they “may decide to strengthen” the signal because they want to “encourage all website owners to switch from HTTP to HTTPS to keep everyone safe on the web.”

At Google’s 2014 I/O Conference one of their sessions was named “HTTPS Everywhere”. The concept is if all legitimate business websites implemented an SSL certificate the Internet would be more secure. The concept certainly has merit because in order to implement an SSL certificate your business has to disclose its information. Spam and fraud websites certainly are less likely to decide having an SSL certificate on their website under these circumstances. The last thing they want to do is be have a trail leading to the actual owner of such a website.

Over the 2014 holiday season our firm enhanced our server’s security through upgrades to the operating system, the hardware, and various configurations. Included in this process was to subsequently change our website from operating on HTTP to HTTPS. Our experiences of this process was not without errors or problems. We can share with you some of the major points in this article.

Planning Your Transition To An SSL Certificate

The process of switching your website to HTTPS is really not that complicated. The process does require some planning and deciding on a good time to make this switch. There are two major parts to the process, which include purchasing an SSL certificate from a Certificate Authority along with the installation on your hosting server; and, the other is changing your website over to only respond to HTTPS. Can this all be done over a single weekend to minimize the loss of website traffic? Absolutely.

  • Purchasing Your SSL Certificate
    Let’s start with the type of SSL certificate to buy. There are three types of SSL Certificates including basic, organization validation and extended validation options. The recommendation is to get organization validation unless you have a e-commerce website, where an extended validation certificate would be appropriate. Organization validation will require the business articles of incorporation and in some cases goes beyond to include the owners drivers license and other validating documents depending upon the Certificate Authority you are purchasing the SSL certificate from. Can you see now why spam websites will not want to do this?Once you have your website functioning with an SSL certificate you can verify this in a web browsers. Web browsers will display websites without an SSL certificate only show a globe in the address bar. Those with a basic SSL certificate will show a gray lock. Those with organizational or extended validation will show the company’s name in green in the address bar.
    For simplicity of managing your domain name and SSL certificate under one roof, the recommendation is to purchase your SSL certificate from your domain registrar. This may include companies like GoDaddy, Network Solutions and the like.

    One last comment about the SSL certificate purchase is to get one with 2048-bit key certificate using SHA-2 (secure hash algorithm).

  • Installing Your SSL Certificate
    Based on the various types of servers and their various installation requirements, we are not going to discuss this process. Please consult your web hosting company, your technology firm, or website development firm.

Transitioning Your Website To HTTPS

There are many website types out there particularly when it comes to content management system (CMS). You may be using WordPress, or Drupal, or Joomla, or Express Engine, or Magento, or a variety of other possibilities. Each of these CMS have different methods of setting up HTTPS across your entire website.

As a web marketing agency our focus will be on WordPress, which tends to do the best in communicating the website out to the rest of the web. We tend to not allow technology to dictate the marketing and business growth compared to the other systems. We won’t get into that conversation here, rather let’s focus on how to change a WordPress website to HTTPS.

  1. The first step is to go to settings and then general to change your website address from HTTP to HTTPS. Change the WordPress Address and Site Address to begin with HTTPS.
  2. Next step is to change the Permalinks and simply you can go to Settings, then Permalinks and click the save button at the botto of the page.
  3. The second item will be to for WordPress Adminstration to work over HTTPS as well. This is a bit more technical and you may need help changing wp_config.php file on the server to include the following line:define(‘FORCE_SSL_ADMIN’, true);
  4. The next step is to redirect all of your previous HTTP web addresses to HTTPS. The simplest solution is to setup a 301 Redirect in the .htaccess file on your server. The following lines of code are needed for this:RewriteEngine On
    RewriteCond %{HTTPS} !=on
    RewriteRule ^/?(.*) https://%{your domain name}/$1
  5. It is inevitable that there are parts of your website that are still coded to be HTTP. This may include images, PDF documents, javascripts and more. The simplest solution in WordPress is to add a HTTPS plugin. Specifically the plugin is called WordPress HTTPS. This will help insure all non-secure parts of your website are now operating under the HTTPS url.
  6. Lastly, you will need to go to Google Analytics and Google Webmaster Tools to inform Google your web address has changed from HTTP to HTTPS.

Testing Your Website’s Security

Now that you have completed the process of purchasing an SSL certificate, installing it on the hosting server, and changing your website to operate from HTTP to HTTPs, the final step is to confirm the Internet community actually acknowledges your website is secure.

There are two tests you can perform to confirm two different types of test.

  1. The first is confirm the server and your website are as secure as the Internet community is expecting. This can be done using the SSL test at the Qualsys SSL Labs website. Your goal is to get an “A” grade. They will provide you with the details of where the problems might be.
  2. The second is to verify all content on your web pages are operating under HTTPS. A website scanner will be needed for this and you can start by using the Jitbit SSL Checker. Depending upon the results you will be provided with details of what you may need to change in order to correct any problems.
  3. The final step will be to use Google Chrome browser, visit your website and see if you get the HTTPS response in the address bar.

Helping To Secure The Web

While there is an algorithm change going on with Google and the change is nominal in the grand scheme of your rankings, think about what impact this can have your website is not secured.

Securing your website is not only about your rankings, your business, but supports your public relations with the website visitors. You now have the ability of promoting your website as being secured with information being transmitted, even though you do not have an e-commerce website.

Lastly, consider that you are supporting the security of the web. The Internet is an interconnected web of computers and if there is a problem in one area, it has the ability of affecting many other areas. Taking responsibility as a netizen to insure the Internet continues to be a business tool is everyone’s business. Feel free to read Google’s blog post on “HTTPS as a Ranking Signal“.