Many businesses start their online stores without comprehensive knowledge of how a site actually works. The way information is shared on the internet, and how customers find them, has a big impact on the success of a company, yet many business owners don’t understand HTTP or HTTPS. Learning how to use these tools is in the best interest of every business owner and can help ensure you enjoy sales and exposure on all levels.
What is HTTP and HTTPS?
HTTP, also known as HyperText Transfer Protocol, is how network administrators share information. Every website starts with these letters to ensure that it can be read and understood by search engines and admins everywhere.
Once HTTP became the standard, it wasn’t hard for users to intercept information being shared and steal it, so HTTPS (HyperText Transfer Protocol Secure) was developed for information safety. HTTPS encodes the information being transferred, so only the sender and receiver can interpret and read it. Even if the information is intercepted, the document will look like a random series of characters unless it’s accessed with the correct SSL certificate.
SSL, or Secure Sockets Layer, allows data to be transferred securely from place to place. For example, the domain owner, who is also the owner of the SSL certificate, can share this certificate with specific users and allow them to purchase products and services safely.
Why Is HTTPS Important?
As one of the biggest platforms for online sales, BigCommerce is particularly invested in the security of the information that their clients receive from their customers. In fact, Patrick Yang, Enterprise Account Manager at BigCommerce, recently recommended that every seller move to HTTPS “because on Jan. 17, Google also began explicitly labeling HTTP connections as non-secure on Chrome.” He believes that “site security and data encryption, in general, are best practices that directly affect shopper confidence and builds trust that all users have now come to expect when visiting eCommerce sites.”
In addition to more protection for customers, using HTTPS also helps with the loss of referral data that happens when switching between secured and unsecured websites, prevents ad injection into hotspots, and results in higher rankings on Google, as Google considers the security of your site as a factor when crawling it.
HTTPS Protects Your Business and Your Customers
Using HTTPS, data is sent via Transport Layer Security that provides three important layers of protection: encryption, data integrity, and authentication.
Keeping data encrypted during transfer protects the user who is browsing a website. With HTTPS, Google, as well as the site they’re using, can track their activity and follow their movements across multiple pages, but nobody else can access this or steal information.
During transfer, encrypted data cannot be modified or corrupted without being detected—even if legitimate users make an error.
When data is sent or received, it must be authenticated to prove that the users are communicating with the correct website. It blocks any interception attempts and helps companies build user trust in the long term.
How to Make the Switch
There are a series of steps that must be completed in order to correctly transition a site from HTTP to HTTPS. When working with BigCommerce specifically, sitewide implementation of HTTPS is typically easier, as all you have to do is make sure you have an SSL installed and BigCommerce will take care of the rest—even the HTTP to HTTPS redirects.
If you don’t have BigCommerce, or aren’t sure where to start, the transition process generally follows a checklist like this:
- Work on a test server, as it will save you from making mistakes in real time.
- Crawl the current website for future comparison purposes. Screaming Frog is a great option that will do a thorough job.
- Read up on any server or CDN documentation for HTTPS.
- Get a security certificate (SSL) and install it on the server.
- Search and replace any references in the content to ensure all references and internal links are using HTTPS or relative paths.
- Update your reference templates to use https.
- Make sure tags have been updated including canonical, OG, and hreflang tags. Some CMS systems do this for you, but others don’t.
- To avoid breaks and insecure content, update all plugins, modules, or add-ons.
- Change any CMS-specific settings.
- Crawl the site again to avoid missing or broken links.
- Make sure all external scripts support HTTPS.
- Force HTTPS with redirects and update any old redirects currently in place. If you conduct a comprehensive redirect QA, you shouldn’t experience a drop in rankings or traffic.
- Update your sitemap to use HTTPS versions of all URLs and update your robots.txt file for the new sitemap.
- Enable HSTS, ensuring your browser always uses HTTPS. This eliminates a server-side check and makes the site load faster.
- To keep the browser from having to cross-reference the issuing certificate authority, enable OCSP stapling to allow the server to check the security certificate.
- Add HTTP/2 Support.
- Add the HTTPS version of the site to search engine versions of webmaster tools and load the new HTTPS sitemap. If you see traffic drop, it’s due to the transition of traffic to the HTTPS profile.
- Optional: Update your disavow file — if you had one, and URL parameter settings — if they were configured.
Now it’s time to go live!
After the Transition
To ensure you’re tracking your new HTTPS correctly, update the default URL in your analytics platform with notes about the changes for future reference. You may also want to update any social accounts, paid media, or email campaigns with new URLs.
If you have the time, it’s also beneficial to clean up any incoming links. There is a lot of outreach and effort involved in this and it doesn’t always make a dramatic change in ranking value. While ensuring incoming links have the correct URL isn’t critical, you do want to change any incoming links from items directly associated with or owned by you, like social profiles or PPC ads.
There are a few things that can go wrong during the HTTP to HTTPS transition including:
- Duplicate content between the two versions of the site.
- Preventing crawling because of a failure to allow bots on the server.
- Different versions of the site showing up in HTTP and HTTPS.
Most of these problems are the result of badly implemented redirects and can be minimized with proper QA work during the migration process.
Working with an Expert
While the switch to HTTPS seems like a long a complicated process, intimidating to many business owners, when you work with an experienced team, you can accomplish the switch quickly and easily.
Coalition Technologies specializes in the transition from HTTP to HTTPS, and can make the process a breeze. One of our BigCommerce Enterprise clients, Nine Line Apparel, recently requested we help them with the transition, and they couldn’t be happier.
According to Myles Burke, “[He] felt like the whole project was handled with much care and the switch to HTTPS didn’t take long at all.”
If you’d like to work with a team who treats every project with care and attention, reach out to Coalition Technologies for more information.