SSL Certificates
  Navigation

Why to Make Your Site Secure

Non-HTTPs Sites Are Not Favored by Google

On October 2017, Google Chrome had started to mark all non-secure pages as ‘Not Secure’ if a site had any password fields or credit card fields present on a non-secure page.

From July 2018, Google will start naming websites that are not secure and thereby nudging users not to visit such sites. Google has released this news via a blog article on February 8. Read the article here:  A secure web is here to stay

If your website is not fully https, it will negatively affect the bounce rate of visitors, which would lead to lesser performing AdWords campaigns and potentially lower rankings in the search engine results. So now, more than ever, it is vital that your website uses the HTTPS security.

If your site isn’t secure, don’t be surprised if your rankings and traffic begins to decrease come July 2018.

Here is an article from Google that explains how Google views HTTPs on sites: HTTPs as a ranking tool. So even if your site does not have ecommerce capabilities or ask users any personal details via a form, it's important that you switch to HTTPS to avoid being shunned by Google and potentially all popular browsers.

Here is a link to a page on Google that explains https in more detail: https://support.google.com/webmasters/answer/6073543

You May Lose Customers

Your users may not bother contacting you when they see a non secure message on your site and may just silently move on to a competitor whose site does not show up with a warning in their browser.

A Non-secure Site Looks Unprofessional

Here's an example of how unsecure sites show now versus how they will show in the future.

Users can still click on the "i" icon and notice the warning from Google. 

Eventually, all http pages will show an alarming red warning like the below example: 

Once a site is secure it will show up with a "Secure" badge and allow the user to click the lock for more details.

How to Make Your Website Secure

Get Your SSL Certificate

Before any changes to the site can be made, it requires a security certificate which needs to be installed on the server.  Check out this page if your site does not have an SSL certificate and you'd like to get one. Note that SSL certificate is necessary also for any sub-domains that are used on the site - e.g. search using a subdomain to show custom content to different access levels.

Programming Level Changes

  1. Search in the database level in all modules, cms, ecommerce, news, blogs, etc for any links that were hard codes with http://www.site.com and convert them to be relative paths, including all objects, files, js, css, etc that may be hard coded
  2. Modify and test all canonical code
  3. Update sitemaps to use HTTPS versions of the URLs.
  4. Make sure any external scripts that are called support HTTPS.
  5. Update references in templates. Again, you’ll want to make sure references to scripts, images, links and so on are either using HTTPS or relative paths.

Non-programming Changes

  1. Make changes in Google Search Console - another property needs to be made which uses the https version of the site.
  2. If your site uses a caching system, such as Cloudflare, make sure their URLs are also served from https.
  3. Check redirects to make sure everything is relative - not hardcoded. If a site has 100s of redirects, it might be more efficient to get this done with the help of programmers.
  4. Add the HTTPS version of your site to all the search engine versions of webmaster tools that you use and load the new sitemap with HTTPS to them.

Checklist For Ecommerce Sites

  1. Update any paid media, email or marketing automation campaigns to use the HTTPS versions of the URLs.
  2. Update any other tools such as A/B testing software, heatmaps and keyword tracking to use the HTTPS versions of the URLs
  3. Update any incoming links on any properties you own/have the ability to edit, if not, it's fine. This is only to decrease the load time on pages so the sever is not under undue stress by trying to redirect non-https pages to https versions.
  4. Generally, the website will auto-redirect any http page to https, so there shouldn't be any access issue because of the switch

Testing

 Monitor everything during the migration and double-check to make sure everything is going smoothly:

  • Check your orders to make sure they are getting submissions at regular intervals
  • Do a test order yourself if you haven't received any orders soon after going live
  • Check that your ad campaigns or any Google shopping campaigns are going to the correct landing pages.
  • Try logging into your site from your website to make sure you can login without a problem
  • Fill out test contact forms to be sure it's working fine. If your users experience a problem, they will generally use this form to communicate with you.
  • If you have a phone number on your site, be wary of calls that are related to usability - get the users' browser, operating system, and steps on how to replicate and forward those to AspireSoft.
  • Check google analytics' live stats to see how many users are on your site and how long they stay. If they are staying only for a few seconds, there might be something wrong on the pages they were on. Check the pages the users were on to be sure they're displaying correctly.
  • Double check on any redirects you may have set up in the Redirects module - they should be going to the https version of the target page.
  • Go to the non-https pages on your site to make sure they are redirecting correctly

Checklist For Non-ecommerce Sites 

  1. Update any paid media, email or marketing automation campaigns to use the HTTPS versions of the URLs.
  2. Update any other tools such as A/B testing software, heatmaps and keyword tracking to use the HTTPS versions of the URLs.
  3. Update any incoming links on any properties you own/have the ability to edit, if not, it's fine. This is only to decrease the load time on pages so the sever is not under undue stress by trying to redirect non-https pages to https versions.
  4. Generally, the website will auto-redirect any http page to https, so there shouldn't be any access issue because of the switch. 

Testing

 Monitor everything during the migration and double-check to make sure everything is going smoothly:

  • Try logging into your site from your website to make sure you can login without a problem
  • Fill out test contact forms to be sure it's working fine. If your users experience a problem, they will generally use this form to communicate with you.
  • If you have a phone number on your site, be wary of calls that are related to usability - get the users' browser, operating system, and steps on how to replicate and forward those to AspireSoft.
  • Check google analytics' live stats to see how many users are on your site and how long they stay. If they are staying only for a few seconds, there might be something wrong on the pages they were on. Check the pages the users were on to be sure they're displaying correctly.
  • Double check on any redirects you may have set up in the Redirects module - they should be going to the https version of the target page.
  • Go to the non-https pages on your site to make sure they are redirecting correctly
  • Check your ad campaigns to make sure they are taking users to the correct landing pages

Please send us suggestions regarding this documentation page
If you would like to recommend improvements to this page, please leave a suggestion for the documentation team.

Be the first to write a comment...