Https is the future of the web: not only does it protect your site from intruders, it also keeps your users’ data safe and gives you slightly better SEO. Plus, many new web platform features require a site to have https in order to work. And to top it all off, Chrome is rolling out a “not secure” label on all sites that don’t use https, starting with any page that has a password form or credit card field.
What does it do?
Http stands for “Hyper Text Transfer Protocol” and is the protocol that sends data between your browser and the website you’re reading. Https is “Hyper Text Transfer Protocol Secure”, and is the secure version of this protocol — instead of being sent as-is, the data is encrypted before making its journey. This is particularly important when sensitive data is being shared, such as on online shopping and bank websites.
Until recently, sites running financial transactions were the main users of https; but that’s changing. Now, every respectable website should have at least the basic level of SSL certificate, which is the tool used to encrypt the data.
More Secure? More Speed? SEO Benefits? Yes!
Not only will site data be more secure, there’s also speed benefits thanks to https/2, the most-recent version of the http protocol. How much faster is http/2? About 1.8x faster per request, adding up to real-time page-speeds sometimes dropping by over 1 second! That’s a significant competitive advantage.
You can test http/1.1 vs http/2 here, and there’s a good write-up on why it’s faster here. But here’s the crux: with http/2, we no longer have to concatenate and minify files – less server load and faster page times. Test suites like Pingdom, Google PageSpeed and GTmetrix are still going to complain about concatenation, but it’s no longer needed! In fact, it’s becoming an anti-pattern thanks to http/2.
Http/2 is only available for https sites, so that’s that!
With more speed comes better search rankings; and not only that, https became a minor ranking indicator for Google search results in 2014, so it’s a double win.
I want one!
If you are one of our hosting and maintenance clients, this service is for you. (If you aren’t, sign up here!) It’s perfect for business sites, publishing houses, and blogs.
- Purchase a security certificate on your behalf.
- Install the certificate on your site.
- Make the changes to your site that are required for https to function correctly.
If your site is ecommerce, high traffic, or complex, this isn’t the right service for you — you need a different certificate, and the installation process is more complex. Please email [email protected] for pricing.
1. What about those free certificates?
We were initially looking at a free certificate option which has recently become available, but the time involved in acquiring these makes them impractical. These should be more widely available by this time next year, which means that renewing the certificate in a year is likely to be free. The cost of this service covers the cost of the certificate as well as the 2-4 hours of development time required to install the certificate and check the site.
2. Will my social shares be affected?
There have been reports of social share counts on some sites being affected when an SSL certificate is installed. This is because social sites see the http and https versions of websites as two different things entirely.
We can’t guarantee that social shares won’t be affected when we do the upgrade.
Some social share plugins do a good job of maintaining social shares after the change. Generally, they do this by storing the shares from the http version of the site in their system, then adding on the new, https shares to give a total. We’ve found that these plugins do a good job of this:
So if you have one of these plugins, it is very likely that your social shares won’t be affected.
If you don’t have one of these plugins, or if you have one and find that your social share counts are affected, purchasing Social Warfare after the upgrade is an option. It can gather the shares from the http URL for many social networks, even after the site has been moved to https.
Please be aware that these plugins rely on the social media networks making the share counts available. If Facebook changes their system to make it harder to access the old share counts, there’s not a lot the plugin (or we) can do. We’ve been speaking to the Social Warfare developers about this, and they commented:
“We’ve noticed recently that many social networks (including Facebook) are changing their APIs to make recovery more difficult. From their point of view, maintaining old count numbers creates unnecessary workload for the API and it’s much easier to only calculate shares for current/accessible URLs. Obviously this is very distressing for us since recovery is a large part of our plugin’s appeal.
Right now LinkedIn and Pinterest are still 100% recoverable, but the other networks are hit or miss. Our development team is working to find a way around the API changes, but it doesn’t look good at this moment.”
This increased risk of lost social shares isn’t great. However, we still recommend you go ahead with the upgrade — it’s better to get on to HTTPS sooner, to start building new social shares on the new URL.
3. Social shares are really important to me!
If social shares are really important to you, we strongly recommend that you purchase and install Social Warfare before
the upgrade. Just let us know that you’ve done that, and we’ll add an extra step into the upgrade process.
We looked into purchasing a developer licence for this plugin to make it available to all of our hosting clients, but unfortunately this isn’t possible. That means that it needs to be purchased individually, for each site.
However, as mentioned above, we can’t guarantee that all social shares will be maintained, even with this plugin.
4. Will my Domain Authority be affected?
The upgrade to https should not affect domain authority. There is always a small risk that any change to your site will affect your DA, though. We follow all the best practices, suggested by Google, and can’t take responsibility for a change in DA after the https upgrade.
5. I have ads on my page, will that make a difference?
It could do, if the ad doesn’t have a secure URL. In fact, if something on your site loads using a URL that isn’t https, then the secure status will break. During the upgrade, we will automatically scan your site to identify and fix mixed content warnings. These could be caused by widgets, images (perhaps hosted on another site) or ads.
Where we are unable to fix the issue ourselves, we will provide you with a list of all issues and suggestions for resolving them.
This is an ordinary part of the process and many sites will require small changes of this kind.
6. What kind of changes will you be making to my site?
- Change every internal link on your site that’s on the old URL to https, and create redirects. This tells Google (and everyone else) that the https version is now the correct one.
- Scan the site to find any insecure content that would break the padlock, and fix it where we can. Sometimes we need your help with this.
- Update Google Analytics and Google Search Console so they know about the new address.
- At server level, we make sure that the server will force all connections by https and we enable http/2 (which is where the performance improvements happen).
7. Can’t I just buy and install the certificate myself?
We really don’t recommend you install the certificate yourself. The installation part is relatively straightforward, but making the changes outlined above can be technically quite difficult.
Note: This section contains affiliate links.
Let’s do it!
Sign up for the https upgrade using the buy now box and we’ll get started right away!
If you have multiple sites to upgrade, you can increase the number of packages at checkout.