Securing your site with HTTPS
We’ve been advising our clients for well over a year now to start using HTTPS sitewide if they aren’t already. In the past using HTTPS on secure pages was good enough but not anymore.
Google has formally stated that sites using HTTPS will rank higher than comparable sites not using it. Also, starting in October 2017 Google Chrome will show a warning of “NOT SECURE” when users enter text into a form on an HTTP page, and for all HTTP pages in Incognito mode. This warning is part of a long-term plan by Google to mark all HTTP pages as ‘not secure’. So, what does this mean for your website? If your eCommerce store is still using HTTP pages then it’s time to migrate over to HTTPS.
What is HTTPS?
HTTPS stands for Hypertext Transfer Protocol Secure. Data sent with HTTPS is secured using Transport Layer Security (TLS) and provides 3 layers of protection according to Google:
- Encryption- encrypting the exchanged data to keep it secure from eavesdroppers.
- Data Integrity- data cannot be modified or corrupted during transfer, intentionally or otherwise, without being detected.
- Authentication- proved that your users communicate with the intended website. It protects against man-in-the-middle attacks and builds user trust, which translates to other business benefits.
A security certificate needs to be obtained as part of enabling HTTPS on your site. This certificate verifies that your website address belongs to your company. Google recommends setting up your certificate with a 2048-bit key to maintaining a high level of security. You likely already have this certificate if you’re taking credit cards. Your web admin can likely assist with enabling HTTP to HTTPS and updating settings and forwarding.
You will also want to make sure that your HTTPS pages can be indexed and crawled by Google by doing the following:
- Don’t block your HTTPS pages by robots.txt files
- Use Fetch as Google to test that Googlebot can access your pages
- Don’t include meta noindex tags in your HTTPS pages
Migrating from HTTP to HTTPS
Google treats this migration as a site move with a URL change. Be advised that this can temporarily affect your rank. If possible it’s best to try to time the change during a slow period to lower the impact in case something doesn’t go as planned.
Sharp Commerce is experienced in helping our clients make the move from HTTP to HTTPS.ÃÂ It’s important to make sure that it’s done right, so if you need help please reach out to us for a complimentary call to discuss your migration.