Sitewide HTTPS – The Time Has Come to Switch
Back in 2014, Google announced that their Chrome browser would start showing regular ‘http’ sites as ‘insecure’. Google has been pushing site-wide https for a while now, as they also started giving sites running in full https mode a little boost in their ranking algorithm as well. With the release of Chrome version 53, you will now see this on a site that is called in normal http:
Obviously this is not what you want your customers to see, as many of them don’t even understand the difference between http and https. All they will see is ‘not private’ and they will either abandon the site, or hesitate to purchase. This will get even worse in January, as this is how an insecure page will look:
Eventually, Google will be displaying this for http, although the exact dates haven’t been given yet:
As much as I have been resistant to this change due to the fact that https slows down the site (which Google also factors into its algorithm), but this change to Chrome has pretty much forced our hand.
How to Implement site-wide HTTPS
First, you need to make sure you have an SSL certificate installed on your server. If you are running an e-commerce site, this should already be in place. If not, get one ASAP as there is absolutely no way you should be collecting private info (especially credit card data) over an insecure connection. Your host will be able to help you with this.
Next, you need to configure your shopping cart software to run in https. On some carts there is a checkbox, on others you need to change a configuration in the settings, and on some you need to actually change a value in the database. Contact your shopping cart provider or developer to find out which one applies to your site.
After you switch to https, you need to tell Google that your site is running in https and to ignore the http version. This is to prevent duplicate content penalties – you don’t want two copies of your site indexed by Google. Again, some shopping carts will do this for you, while others will require you to edit your .htaccess file. This is not something you should attempt yourself, as you could cause irreparable harm if done correctly.
You will also need to update your Google Analytics account to use the https version of the site, and submit your https site to Google Webmaster tools. Unfortunately you can’t change your existing webmaster tools account to use https, you have to submit a new site and a new sitemap. Your developer may handle this for you as well.
Once you do switch to https, make sure all pages are actually being called in https. You will see the ‘insecure’ icon if there are any items on the page being called insecurely. You can view those by clicking on the insecure icon, which will show you any problems:
Sound a bit too complicated to do yourself? Not to worry, we’ll handle this for all of our clients. Please feel free to drop me a line to schedule the transition for your site. If I don’t hear from you before mid-December, I’ll be contacting you to update your site. Questions? Feel free to Contact Us!