I'm asked this question more and more. Should I change my WordPress website to HTTPS from HTTP? Do I need to do it now?
As always with websites and digital, some technical aspects need to be considered, however. Here are my thoughts on business impact and actions you need to plan for. Without going into the technical minutiae, if you need that level of insight, drop me an email, and I can go through it with you.
It is in the news due to a Google update. Google is pushing hard for HTTPS on all websites. Google has an emphasis on a more secure internet. Which is commendable. However, Googles decisions have a significant impact on businesses, especially small businesses. Decisions Google makes has an impact on your budgets, even if changing from HTTPS to HTTP was an easy project, it still has a cost.
HTTPS as a ranking signal. View Googles thoughts.
SEO and HTTPS benefits
Initially a lightweight ranking signal, it is now considered a more critical factor. Browsers are showing none SSL (Secure Socket Layer) sites as insecure, Chrome specifically from October 2017. The majority of websites are still on HTTP, over time that will change, at an ever-increasing rate. Having HTTPS seems to correlate with better search rankings – check out SEMrush data.
Additional reasons the move to HTTPS;
- Better data
There are solid reasons to migrate to HTTPS. However, as you can see below it needs to be done correctly to avoid any issues, this involves a chunk of time which needs to be planned for.
What to do before you change over
List your URLs
With any significant change on a WordPress website, you need to plan and put things in place to limit any negative impact. The first thing to do is to create a list of all your current URLs. With small websites, this is easy, with larger websites you will probably need the help of software to do this. My longtime favourite is Screaming Frog. Alternatively exporting from Google Analytics – follow the process here. You should now have a full list of all of your website URLs.
Choose a certificate
Buy a certificate
You will need to buy your SSL certificate, although many hosting companies are offering them as part of their hosting packages. Check with your hosting provider to see what they offer. My preferred hosting provider is WP Engine, check them out here. SSL provides a secure connection between browser and server.
There are different types of SSL - in basic terms;
- Simple - general protection, good for login/admin areas
- Standard - additional safety when visitors are making payments
- Extended - high visibility security
Let's Encrypt offer a free SSL certificate, so that could be a route to go down. Check what your current hosting offers.
If you use CloudFlare for performance, they also provide free SSL certificate and redirections by their page rules setting.
Get your website ready
When you are ready and have a recent back up of your WordPress website, it is time to change your websites URLs to HTTPS. This includes internal links; subdomains, Canonical tags, Hreflang tags OG and Twitter tags (for social media), Resource links; images, JS, CSS, Videos, PDFs. Plugins may be affected, so keep an eye on those.
You may need to add specific 301 redirects to prevent any SEO issues. Ideally at the server level, especially for websites with a large number of pages.
Other important things to action
There are a few more things to do to cover all eventualities. Your website should be connected to Googles Search Console (formally Google Webmaster Tools). In that area aim to do the following as a minimum: add https versions of your domain, fetch homepage as Google, request indexing and resubmit any sitemaps.
Update your Google analytics to HTTPS. Update any social profiles. Update any URLs on any PPC campaigns, update URLs on any email marketing campaigns, plus any other external URLs that are appropriate to your site.
Need help with HTTP to HTTPS?
We are here to help. We can action everything so you can do what you do best, running your business.
There are WordPress plugins available to help you with the process
At the time of writing, I haven't tested any of these plugins on a live project. So please proceed with due diligence.
Going forward, keep an eye on your Google Analytics, Search Console, keyword rankings and social media activity, so you can spot any issues early on and get them fixed.