Allow me to jump straight to the point: it's a very good idea to encrypt your website with the SSL (Secure Sockets Layer) protocol without delay. Google recently stated that from October 2017, Google Chrome users will see a "NOT SECURE" warning when they submit data on any form on a non-SSL secured webpage.
Why migrate to HTTPS? And how?
The first step is to activate SSL via your web host control panel (most hosts offer a 1-click service to set this up). Once activated, you'll need to fully optimise your site for the switchover (more on this later). Users will then see the trusted "Secure / green lock" symbol in the address bar and your URL will contain HTTPS instead of HTTP. This of course will earn added trust and credibility with potential clients or customers. All data transmitted via HTTPS is secured using the Transport Layer Security protocol (TLS). This provides the following protection layers:
- Data confidentiality - SSL (Secure Sockets Layer) ensures user data is always encrypted while it is transferred to and from your site, for example when submitting a contact form, checking out of an online store or taking part in blog conversations. This protects site users from having their activities tracked or sensitive data stolen by anyone listening on the network.
- Data integrity - Any data transferred by a user on your website cannot be corrupted or modified in transit. Without HTTPS, for example, another user on the same network could alter the content of the unsecured website, reduce image quality or insert advertisements.
- Data authentication - Makes sure that users are communicating only with your site and protects against third party attacks. Moreover, users will have more trust in your site when they see that it's secured.
It's clear (and for good reason) that Google wants to see a more secure web. As outlined in their HTTPS as a ranking signal article, they currently apply a lightweight ranking signal to secured, encrypted connections and may apply more weight to this signal over time. Google also provided a nice article on how to secure your site with HTTPS.
Common pitfalls to avoid when using Secure Sockets Layer
- Content duplication - A canonical reference should be placed in the metadata of your HTTPS site, to tell Google that this is the primary version of your site. You should also make sure that the content on your HTTP site matches it exactly.
- Crawl errors - Make sure your site isn't blocked from crawling in your site's robots.txt
- Indexing errors - Avoid using the "noindex" meta tag
- Mixed content - All page content on the site should be linked using HTTPS. If you're using WordPress, I recommend Really Simple SSL. Once installed and activated, this plugin will take care of these issues.
- Protocol & certificate versions - Make sure you have the most up to date SSL certificate and TLS protocol, to avoid vulnerabilities
- Search Console - Update your Google Search Console with the HTTPS property, as Google treats HTTP & HTTPS separately. While doing so, also submit the sitemap for the HTTPS site, which will help Google's indexing of your site.
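A small checker for three of the pitfalls above (mixed content, the "noindex" tag and the canonical reference), as an added example that is not part of the original article. It uses only Python's standard library; the sample page and its example.com hosts are constructed.

```python
from html.parser import HTMLParser

# (tag, attribute) pairs that fetch a subresource. <a href> is navigation,
# so a plain-HTTP link there is not mixed content.
SUBRESOURCES = {("img", "src"), ("script", "src"), ("iframe", "src"),
                ("audio", "src"), ("video", "src"), ("source", "src"),
                ("embed", "src"), ("object", "data")}

class MigrationAudit(HTMLParser):
    def __init__(self):
        super().__init__()
        self.mixed = []        # (tag, url) subresources fetched over http://
        self.canonical = None  # href of <link rel="canonical">, if any
        self.noindex = False

    def handle_starttag(self, tag, attrs):
        a = {k: (v or "") for k, v in attrs}
        rel = a.get("rel", "").lower().split()
        if tag == "link" and "canonical" in rel:
            self.canonical = a.get("href", "")
        if tag == "meta" and a.get("name", "").lower() in ("robots", "googlebot"):
            self.noindex |= "noindex" in a.get("content", "").lower()
        pairs = set(SUBRESOURCES)
        if "stylesheet" in rel:
            pairs.add(("link", "href"))
        for t, attr in pairs:
            if tag == t and a.get(attr, "").lower().startswith("http://"):
                self.mixed.append((tag, a[attr]))

def audit(html):
    """Return a list of findings for one HTML page that is served over HTTPS."""
    p = MigrationAudit()
    p.feed(html)
    p.close()
    findings = [f"mixed content: <{t}> loads {u}" for t, u in p.mixed]
    if p.noindex:
        findings.append("noindex meta tag present")
    if p.canonical is None:
        findings.append("no canonical link")
    elif not p.canonical.lower().startswith("https://"):  # expects an absolute URL
        findings.append(f"canonical does not point to HTTPS: {p.canonical}")
    return findings

# Constructed sample page; the hosts are placeholders.
SAMPLE = """<html><head><link rel="canonical" href="http://example.com/contact">
<meta name="robots" content="noindex, follow">
<link rel="stylesheet" href="https://example.com/site.css">
<script src="http://cdn.example.com/form.js"></script></head>
<body><img src="http://example.com/logo.png"><img src="/img/banner.png">
<a href="http://example.org/">partner</a></body></html>"""
```

Calling `audit(SAMPLE)` reports the script and image loaded over HTTP, the noindex tag and the HTTP canonical, while the relative image path and the outbound link are not flagged.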
In addition to the above, please do not attempt to migrate your site to HTTPS if you are not experienced with website management or development. It would be a good idea to hire a web agency or professional to do it for you. It's quite a straightforward job and doesn't take too long. However, if not done properly, it could harm your website and its standing with Google. But don't be intimidated, go for it! Put simply, it won't be a very good look for your business if potential clients start seeing the "NOT SECURE" message on your website from October. Happy migrating!