On New Year’s Day 2018 Google will label HTTP websites as “insecure”, one can only imagine what that will do to those left behind! It's therefore critical to update your website to HTTPS before we all party like it's 1999.
Of course if you already have an SSL certificate and you're using HTTPS on every single web page that's publically visible, you won’t have to worry about a thing. This is all part of Google’s decision, announced on their security blog to “help users browse the web safely”. This has all come about because HTTP allows potential hackers to interfere and intercept messages passed from your website to your servers - and with stricter data protection laws coming in place, even your basic contact form needs to be secure.
With all these HTTP, S’s and SSL’s it can be a bit of a minefield to the non-techies amongst us, as it presents a few common problems when making the switch.
1) It can affect your Google rankings overnight… we’ve seen people lose their positions, but hopefully now Google will see this as a positive change and reward those on HTTPS over HTTP.
2) It requires your website developer to spend time recoding elements of your website to ensure all connections are over HTTPS, i.e. if you included a tracking script, or an image from another website - they all need to be HTTPS
3) You’ll have to spend money to fix issues, retest your entire website and purchase an SSL certificate - even if you don’t take payments online… I know, life is hard.
Of course, HTTPS is not 100% safe, it's been hacked before and probably will be again. A spokesperson at NASA said "Studies show that users do not perceive the lack of a 'secure' icon as a warning," his post states. "Users [also] become blind to warnings that occur too frequently."
Here’s a few pointers to help you make a frictionless switch to HTTPS:
1) Contact your web developer to talk about the migration to HTTPS and if they have experience in doing this before and what their action plan is, they should have a detailed process which they will share with you, including the setup of a test website, SSL purchase, changes to your website, and others points we’ll list below.
2) 301 Redirect - which essentially tells Google, hey my website was HTTP but is now HTTPS, and please redirect all visitors to the new HTTPS website
3) Update your incoming links - all those lovely SEO links you have will need updating as your page won't exist anymore. Even with a 301 redirect, we suspect Google will give more weight to those sites with HTTPS links over HTTP with a 301 redirect
4) Update all profile links on social media to new HTTPS website
5) Update your sitemap and robots.txt
6) Reconfigure your canonical tags
7) Update Google Analytics and Search Console with your new URL
8) Update and links in Newsletters, blog posts and other digital media
9) Plan in a time and date for the move, ensure your dev website is fully tested page by page, and that everyone is ready for the move over. Have a backup plan and a backup incase anything goes wrong!
10) Let your customers know about the impending update and any service interruptions it may cause
We could continue, but we’d rather point you in the direction of D2i who are offering BCA members a special package for HTTP to HTTPS migration. Please contact Dan Drogman on 0203 102 4100 for further details, and make sure to mention the BCA.
Good luck with the migration :)