How to set https Protocol – by-step instructions
Now, moving on various sites on the Internet, you increasingly have to face that some sites use in the browser address bar an icon with a padlock before the URL of some websites. This icon signifies that the website uses a secure https connection instead of regular http. In this article we look at what constitutes a secure connection, why translate your website to https, and also – how to do it.
What is HTTP and SSL?
HTTPS (Hyper Text Transfer Protocol Secure) is a secure version of http Protocol that is commonly used to transfer data over the Internet. Secure HTTPS Protocol is the most suitable in the first place for Internet banking and online stores, in order to protect all transactions from intruders.
SSL (Secure Sockets Locket) is a Protocol that provides secure connection for transferring files over the network. In other words, SSL is used to encrypt the contents of files, and to encrypt the connection itself.
A presumably believe that the HTTP and SSL protect website from cyber attacks. Unfortunately, it is not, because of the above protocols to protect the connection, not the website.
In the browser secure and non-secure domain will look very similar, the only difference between them is the name of the Protocol before the URL:
- The website uses a secure connection will appear in the address bar like this: https://www.traff.co/
- A site that uses normal non-secure connection – so http://www.traff.co/
Both protocols require a digital certificate that can be per domain, for multiple domains, or so-called WildCard.
Data sent using HTTPS are secured using Transport Layer Security protocol (TLS), which provides the following 3 layers:
- Encryption. SSL encrypts the transmitted data with the aim of protecting them from interception. This means that nobody else will be able to track user activity on a web site or steal personal information.
- Data safety and integrity. Data cannot be imperceptibly altered or corrupted, whether deliberately or accidentally.
- Authentication. Confirms that the user is on the site he wanted to go. It also protects against a variety of intermediary attacks, ensuring data integrity.
If you are a regular user of the Internet, you need to know that when you see the lock icon before the website domain in the address bar, this means that a website is using a secure connection and we can safely Transact on this website.
If you are a site owner, you may want to read on to understand why you need to translate your website on a secure connection and how to switch from http to https.
Why go from http to https?
Let's start with the fact that even in 2014, Google first announced that the use of protective connection will be treated as a positive ranking factor. Ie priority in organic search results of Google will be given to sites using the HTTPS Protocol.
This initiative was picked up by the leading browsers. Thus, initially, Mozilla Firefox, and recently Google Chrome has announced that they plan to mark in search results sites using insecure connection, informing users on the Internet.
Therefore, if you are the owner of the site, on which certain payments, you should think about switching from http to https because it will directly affect the position of your website in organic results, as well as on the click-through rate (CTR).
The credibility of your website crashes from users if you are not using a secure connection. In my opinion, the pros of the transition is obvious. However at the moment only a small fraction of a percent of web sites use a secure connection.
Why? The fact is that migrating from http to https looks complex and intimidating for many owners of web sites, although in reality it is not so. Moreover, moving the site to a secure connection today, after a year or two you fully appreciate the results and be far ahead of your more conservative competitors. By the way, many site owners have realized this need. This in particular is the fact that this year the number of clicked on http top sites doubled compared to last year.
Let us now consider how to translate your website from http to https.
How to switch from HTTP to HTTPS
- Use a test server. This is important because working on the test server, you can configure them correctly without breaking anything on the live site. After you pass the whole process of migration on a test server, you will be able to transfer the results to a production server.
- Index the current web site by using programs Screaming Frog in order to know its current state and for the purposes of comparison.
- Read the documentation on HTTPS for your server type.
- Get a security certificate and install it to your server.
- Update all internal links in the content of the site. This can be done using search-replace in the database. You will need to update all the internal links using either relative paths or paths with HTTPS.
- Update internal links in the site files
- Update the tags rel=”canonical”. Most CMS will do this automatically after you switch to HTTPS, but still worth to check.
- Update all modules/plugins/add-ons to make sure nothing is broken and there's nowhere left unprotected content.
- Apply settings specific to your website's CMS. For most CMS is well-described documentation for the migration to HTTPS.
- Re-index your site using Screaming Frog or another similar program to make sure that nothing is broken.
- Make sure that all external scripts and libraries support HTTPS.
- Set up redirects via HTTPS. This step will depend on your server and its settings, but it is very well documented for Apache, Nginx and IIS.
- Update your old redirects.
- Update the file sitemap.xml using the new Protocol
- Update the file robots.txt by incorporating a new sitemap.
- Enable HSTS. This setting will allow the browser to always use HTTPS, which will eliminate an additional check on the server and speed up loading site.
- Turn on OCSP. This setting will force the server, not the browser check has not been revoked security certificate.
- Connect support HTTP/2.
- Add the HTTP version of your site to the Web masters of all the search engines and update them with the link to the sitemap
- Update the file reject links if you used one.
- Update your URL parameters if you used any.
- Congratulations! You're ready to release.
However, in most cases after the release of the work does not end there. If you undertake some activity to promote your website then you will need to update the website URL in all advertising campaigns. Also if you have the time and opportunity to do so, you can try to update and URL on sites that link to your website.
A very important task when migrating your website from http to https is to prevent the loss of traffic from search engines.
Common problems when migrating from HTTP to HTTPS
Most of the problems that occur when migrating from http to https in some way connected or incorrectly configured redirects, or incorrect transfer of the site from a test environment. So be careful when you transfer.
Among the problems may be the following:
- Duplicate content
- Different pages for http and https versions of the website.
- Prohibition of incorrect indexing of pages by search engines