HTTP vs. HTTPS explained
There are two different types of protocols, HTTP and HTTPS. This can be a bit confusing, so let’s break it down:
HTTP, which stands for HyperText Transfer Protocol, is the protocol over which data is transferred between the client’s browser and the website they are connected to. We’re all familiar with the term HTTP; after all, every web address starts with it.
On one side, HTTP has been working great for ages, plus it’s fast and reliable. On the other hand, it’s about as secure as a diamond at a cat burglar’s convention.
Data transmitted over an HTTP connection is dangerous and vulnerable to being intercepted by third parties, especially on public wireless networks or compromised routers.
HTTPS is the secure counterpart to HTTP – it literally stands for HTTP Secure. HTTPS uses the SSL (Secure Sockets Layer) protocol to encrypt communications and ensure that data travels securely between the client and the server. An SSL (Secure Sockets Layer) is the standard security technology for establishing an encrypted link between a web server and a browser. This link ensures that all data passed between the web server and the browser remain private and secure.
Impact on SEO
In 2014, Google announced they would begin using HTTPS as a ranking signal when displaying search results; meaning those sites using HTTPS encryption are rewarded with an SEO boost.
Google recently announced that its Chrome internet browser would begin warning users about non-secure websites–including those HTTP sites–beginning January 2017. Alongside a warning message that discredits the security of the site, it will also make the site rank poorly on SEO charts.
Who this affect most?
This will have a big impact on those sites that transmit passwords or credit card information that are not using HTTPS. Well, guess what? All WordPress websites have an administrative login page that requires a password, therefore by default they fall into this category. That’s correct, all 75 million WordPress websites.
Why Switch to HTTPS?
Switching to HTTPS will protect sensitive information like passwords and credit card information from being stolen. If your site runs on HTTPS, you also won’t have to worry about scaring your visitors away through warning alerts in their web browser. Actually, it’s quite the opposite. By having an HTTPS users will likely see a positive notification in their web browser, such as a green lock icon with the “https” portion highlighted in green.
Make the Switch to HTTPS… Now!
Ready to make the switch? Here’s how it’s done:
Step 1: Purchase an SSL Certificate
First and foremost, you’ll need to purchase an SSL Certificate. If you just starting out, ensure that you ask your hosting provider what options are available to you.
Planet WP is an authorized reseller of SSL Certificates. We offer a special discount to Planet WP members. This will cost you $40 per year, which is a great price for a premium SSL certificate.
Not all SSL certificates cover both types of domains, namely www.example.com and example.com; however, our SSL certificate does. If for any reason you think your website requires a special type of SSL certificate, consider reaching out to a professional company for additional options, but these unique wild card certificates are rare.
Step 2: Update the WordPress Settings
Once you’ve set up the SSL certificate, you need to make some changes in your general settings menu. Log into your WordPress admin account and go to Settings > General from the left side navigation menu. Under the WordPress Address (URL) and Site Address (URL), you need to change your URL from HTTP to HTTPS. Don’t forget to save your changes.
Step 3: Redirect HTTP to HTTPS
This may be the most difficult task, especially for new users. First, check with your hosting company to see if they will automatically redirect HTTP to HTTPS for you. If not, you need to update the .htaccess file in your root directory, which can be done through your FTP client.
If for any reason you are running into challenges redirecting HTTP to HTTPS, your friends at Planet WP will gladly do it for you, for a marginal fee of course. Feel free to contact us and we’ll provide you with a custom quote.
Step 4: Update your Information with Google
The are two different accounts with Google that you should have, namely a Google Search Console (formerly Webmaster Tools) account and a Google Analytics account.
Add New Address to Google Search Console
First, you’ll need to update your website information through the Google Search Console. Log into your Google Search Console account. On the homepage, you will see the old HTTP property. Go ahead and remove it by clicking on the Manage property button > Delete property. You can now add the new HTTPS URL by clicking the Add a Property button.
Type in the new HTTPS URL and click Add.
Next, you’ need to verify your new HTTPS address. Keep in mind, that depending on how you previously verified your old property, that this step may already bee completed. For example, we verified our site using the HTML tag option, so Google provided us with a notification that the site was already verified using this method. If that’s the case, simply click verify and you’re set. For detailed instructions on verifying your site, check out How to Add your WordPress Site to the Google Search Console (coming soon).
Next, you’ll need to change the Default URL and Website’s URL settings in Google Analytics. Start by logging into your Google Analytics account.
- To change the Default URL Setting:
Select Property > Admin > Property Settings > Change Default URL to HTTPS. Then, click Save.
- To change the Website’s URL Setting:
Select Property > Admin > View Settings > Change Website’s URL to HTTPS. Then, click Save.
If you don’t have Google Analytics installed on WordPress, you should! For detailed instructions, check out our How to Install Google Analytics on your WordPress Site.
If you like this article, please share it with your friends our like it on Facebook.