HTTP to HTTPS, to move or not to
HTTP to HTTPS shift is one of the basic best practices towards making your web site secure
With Google encouraging https encryption, most website owners are finally seriously considering shifting from http to https.
The shift is necessary, not just because Google is advocating it, but because it protects the information provided by unsuspecting visitors, and should be a default practice adopted by website owners.
Today we practically live in the internet, from information sharing to purchasing, for most of us, without the internet, even basic day to day activities cannot be executed. Internet is pretty much a place where everyone hangs around these days! People readily share information about themselves by publishing blog posts, sharing through social networking sites such as, Twitter, Facebook, Google+, Pinterest, etc . They like, dislike, update their status, express their opinions, and pretty much share whatever they wish to.
All this is information that people wish to share willingly, but what about information that people do not wish to share? Are they sure that their private data is secure?
Does every website ensure that the data exchanged remains private?
The answer is a NO, many websites do not have the necessary measures required to encrypt the data, and they are exposing their unsuspecting visitors and making them vulnerable to attacks that may cost them dearly.
Encryption is now a must not only because it ensures visitors that the website is taking necessary measures to keep their data secure, it also has a positive impact on new visitors who are secure in the knowledge that their data is secure. Enabling https for the entire site ensures that the data exchanged between the browser and the server can be read by the browser and the server.
The shift from http to https does entail a bit of work but it is not such a mammoth task, in fact if you are using a platform such as wordPress, it is easily implemented.
Some of the basic steps involved in shifting from http to https are given below:
1. Request your hosting provider to enable https for your website- Installation of the certificate is best left to the web hosting provider. There are several certificates available but go for what is recommended. A 2048-bit key certificate is a standard guideline provided by Google.
2. Back up your files and database.
3. Update your .htaccess file by adding the below-mentioned to your .htaccess file. This will ensure that your traffic is getting redirected permanently to the https
version.
RewriteCond %{SERVER_PORT} 80 RewriteRule ^(.*)$ https://seo-bestpractices.com/$1 [R=301,L] |
3. Login to wordPress and select the https version for your site.
4. Google Search console: The https version will need to get added to the search console. The process is the same as adding a new site. See below:
5. BING webmaster tools: The same process needs to be followed. You will need to submit the https version and verify.
5. Sitemaps: The https sitemaps in XML formats will need to be submitted as shown below.
6. Google Analytics: In order to select the https version, go to Admin and under View Settings and select the https version as shown below:
You will need to re-link the https version from search console. Go to Admin, and then property setting to re-link your new https site with Google analytics.
7. WordPress SSL insecure plugin: This is a very useful plugin and checks and ensures that your web website does not show up mixed contents (http and https). It is absolutely critical that two URLS with the same content do not exist.
8. Continue to monitor traffic and any errors that you may come across from search console. It will take some time for things to get back to complete normalcy. A slight fall in traffic is normal.
At the end of the day, if by doing our bit we can help in making the internet a little safer does it not become all worthwhile?
It will be great to know your thoughts on this. Looking forward to hearing from you.