HTTPS (Secure Hypertext Transfer Protocol) is an internet transmission protocol that protects data integrity and confidentiality between the user’s computer and the website. Users expect a secure and private online experience when using a website. Google recommends using HTTPS to protect a user’s connection to your site, regardless of the content on the site.
|Instructions for converting HTTP to HTTPS|
- Why use HTTPS
- SEO Checklist when switching to HTTPS
- Common problems when switching to HTTPS
- Google’s recommendations for scrolling
- Steps to convert to HTTPS
Switching from HTTP to HTTPS can affect rankings if you don’t plan accordingly. However, after switching to HTTPS, your rankings will really improve over time. Google announced in 2014 that having an SSL certificate would be considered a ranking factor positive, so it’s worth the investment.
Google confirms a few reasons to switch to HTTPS in their guide:
Data sent using HTTPS is secured over the Transport Layer Security protocol (TLS), providing three main layers of protection:
- Encode—encrypt the data exchanged to secure it from eavesdroppers. That means while users browse the website, no one can “listen” in their conversations, track their activity across multiple sites, or steal their information.
- Data integrity—data cannot be modified or corrupted in transit, whether intentionally or otherwise, without detection.
- Accuracy—prove that your users are communicating with their intended website. This protocol protects against man-in-the-middle attacks and builds user trust, which leads to other business benefits.
There are other benefits such as ranking increase by Google considers HTTPS as a ranking signal.
|Protecting users with HTTPS|
- Use 301 redirects to all URLs from HTTP to HTTPS. Make sure it’s a 301 redirect and not a 302
- Make sure all canonical tags pointing to the URL link are HTTPS
- Use relative URLs wherever possible
- Check all internal hard-code links to HTTPS, it would be better to automatically 301 point to HTTPs
- Register the HTTPS version in both Google and Bing Webmaster Tool
- Using the Fetch and Render functionality in Webmaster Tools ensures that Google can crawl and render your site correctly.
- Update the sitemap sitemap to use the new HTTPs URLs. Submit the new sitemap to webmaster tools. Leave the old sitemap file (HTTP) for 30 days so that search engines can crawl it and handle 301 redirects (moving index and ranking from HTTP to HTTPs)
- Update robots.txt file. Add a new sitemap. Make sure the robots.txt file is not blocking any important pages.
- If the Google Analytics Tracking Code Update is needed, most GA tokens already handle HTTPS.
- Implement the HSTS (HTTP Strict Transport Security) website security policy, which responds from the header in the user-agent to the HTTPs access pages. This eliminates redirects, speeds up access, and adds safety.
- If there is a disavow file, be sure to pass any disavow URLs to the duplicate file in the new webmater tools profile.
Note the following:
- Prevent Google from crawling the HTTP version of the site or prevent it from crawling in general (usually due to an error in updating the test server to allow bots)
- Duplicate content issue with both HTTP and HTTPS versions of the displayed page
- Different versions of the page render over HTTP and HTTPS
Google has very detailed instructions on migrating from HTTP to HTTPS please read the following links:
Secure your site with HTTPS: https://support.google.com/webmasters/answer/6073543?hl=en
- Break your migration down into smaller steps.
- Move to a lower traffic time, if possible
- You may experience temporary fluctuations in site ratings during the migration.
Learn more at: https://support.google.com/webmasters/answer/34437
To use HTTPS for your website, you need to register for an SSL Certificate and configure an SSL/TLS certificate on your server.
Choose certificates from trusted providers like Comodo, Symantic (Verisigned) or GoDaddy, etc. Google recommends using certificates with 2048-bit keys
It is up to your website to decide between authentication for 1 or more domains or wildcards (multiple dynamic subdomains).
Free open software such as: OpenCA, OpenSSL, Let’s Encrypt is a free certificate you can use.
Learn more about certificate providers at: https://en.wikipedia.org/wiki/Certificate_authority
If you run and manage your own web server, there are a few things you need to enable in your server configuration before you can use SSL certificates. This guide explains the steps to take to get a certificate running on your server.
Generate a CSR request and Private Key
If using IIS webserver you choose server certificates to generate certificate request
Generate certificate request
When installing SSL for the website, the browser’s address box will display as follows:
For further instructions on installing SSL on IIS, please refer to the article: http://wiki.matbao.net/Huong-dan-cai-dat-SSL-cho-cho-IIS-8-8-5-tren-Windows-Server-2012.ashx
Notify Google when switching to HTTPS
Google considers an HTTPS migration as a migrating site with a changing URL. However you should add the HTTPS attribute in Google Search Console. HTTP and HTTPs are handled separately and do not share data.
Next generate a new sitemap file with HTTPS URLs and submit it to Google
Finally move on to other settings to new properties such as the URL parameter list and the disavow file.
After switching to HTTPS as Google says it may have a slight impact on the website’s visit and rankings and will stabilize in a short time, but you should also be careful to regularly monitor these fluctuations in Google tools. Analytics and Google Console if there is an error, it should be fixed soon.
Source link: Instructions to switch HTTP to HTTPS so that SEO is not affected