• Skip to primary navigation
  • Skip to main content
  • Skip to primary sidebar
Red Kite Creative logo

Red Kite Creative

  • Web Design
    • Custom WordPress Website Development
    • Responsive Design
    • Completely Custom Web Design
    • Ecommerce Website Design
  • Site Management
    • WordPress Maintenance and Support
    • WordPress Performance Optimization
    • WordPress Training and Consulting
  • Portfolio
    • All Projects
    • WordPress
    • Ecommerce
  • About
    • About Red Kite
    • What We Do
    • Working With Us
    • Testimonials
  • Blog
    • The “Minding Your Business” Blog
  • Contact

Moving From HTTP to HTTPS: Part 1 of 2

April 7, 2017 by Debbie Campbell

Making the move from HTTP to HTTPS is now something I’d advising all my clients to do for a number of reasons:

1) Google Chrome and other browsers are now pointing out sites that aren’t secure in the address bar.

2) Google Search is now beginning to use HTTPS as a ranking signal, so switching can benefit SEO rankings.

3) When you use HTTPS you show your customers and visitors that you’re concerned about their safety and doing your part to protect them (as well as your yourself and your staff or employees).

4) It builds credibility – you don’t look very legitimate when your URL has an insecure site warning beside it. Especially for ecommerce sites people are looking for the green padlock.

What does it mean in practical terms for you? Imagine this…

You could be at a coffeeshop using their wireless network. You login to your (unsecured) website. A hacker sitting a few tables over is watching the network, sees you come online and watches your keystrokes as you login. Simple as that, they know how to get into your site. It’s so easy it’s scary for people who know what they’re doing.When you login to your HTTPS site, though, anyone eavesdropping on the network can see where you go, but they can’t know how you logged in or what you’re doing on your site once you’re logged in. Using HTTPS makes it harder for people to intercept things moving across a network or to know what people inside a secure site are doing.

But FYI: secure does not necessarily always equal safe. You could visit another secure site that’s been hacked, and even though your connection is secure, you are not safe from whatever they might try to do to your computer.

Getting Started

1) Buy and install an SSL certificate.

Many hosts sell these, and even though they might be a bit more expensive, they’ll usually install them for you at no charge. This is usually worth it for the convenience. Single-site SSL certs are typically $10-$50/year.

You don’t need to buy a $100 certificate for your single site – a $10 cert is as effective as a $400 one. The difference is in the amount of insurance they provide, but typically for most small business sites you’ll be fine with a less expensive cert.

If you have multiple domains to protect (mysite.com, surfing.mysite.com, travel.mysite.com) you’ll need a multisite cert, typically $30-$250/year depending on how many sites are involved. If you’re not sure of the number of sites, a wildcard cert will cover unlimited numbers for $80-$200/year.

Finally, some progressive hosts who recognize the value of securing more of the web offer free SSL certs like Let’s Encrypt. If you’re hosting with me, you have this available to you right now, get in touch to have it set up.

2)  If using WordPress, change the Site URL and WordPress URL to HTTPS.

Do this in Settings > General, and you will be logged out when you make this change.

3) Check to make sure the certificate is installed correctly: https://www.sslshopper.com/ssl-checker.html

You want to make sure it recognizes the SSL cert and shows that both www and non-www domains are included.

4) Check all the pages for the green padlock. If you don’t see it, that means there’s mixed content on the page – something is still using HTTP.

This is the often the big scary bear when moving to HTTPS – tracking down all those hard-coded links. You will have to dig into the code or theme files to do this, and it can be quite time-consuming. Once you have every link changed and are getting the green padlock everywhere…

4) Add 301 redirects from HTTP to HTTPS.

This is critical to preserve your search rankings! You must 301 redirect every old HTTP URL to their respective new HTTPS URLs. Fortunately this is pretty easy. Where you do it depends on the type of hosting you have – most will have Apache, and for that you add this code snippet to your .htaccess file: http://codepen.io/kanjigirl/pen/jBJqro

That will people and bots visiting the old HTTP pages to be forwarded automatically to the new HTTPS versions.

—
This is the end of Part 1. In an upcoming post we’ll go over the SEO tasks that have to be done during this switch. If you have questions about this process and why it’s important, or need help getting it done for your site, feel free to contact me.

Share this content...

Filed Under: Security Tagged With: https, ssl, security, http

Previous Post
Next Post

Primary Sidebar

Categories

  • +News
    • Launches
  • Ecommerce
  • +WordPress Info
    • Plugins
    • Website Performance
  • +Getting Help
    • Hiring a Web Professional
    • Consulting
  • Hosting
  • +Productivity
    • Client Relationships
    • CRM
  • +Resources
    • Analytics
  • -Security
    • Privacy
  • +Self-Promotion and Marketing
    • Blogging
    • Business Credibility
    • Measuring Website Success
    • Branding
    • Newsletters and Email Campaigns
    • Video Marketing
    • SEO
    • Podcasting
    • Social Media
    • Website Content
    • Establishing Trust
  • Scams
  • +Training
    • Tutorials
  • +Web Design
    • Website Usability
    • Graphic Design
    • Website Forms
    • CMS
    • Ecommerce
    • Responsive Web Design
    • UX
    • Information Architecture
    • Web Typography
    • Conversion Rates
© Copyright 2022 Red Kite Creative LLC · All Rights Reserved · Client Support · Privacy
Mmm, cookies! This website uses cookies to give you the best user experience. Manage cookies >View cookie policy >Accept
Privacy & Cookies Policy

Privacy Overview

This website uses cookies to improve your experience while you navigate through the website. Out of these cookies, the cookies that are categorized as necessary are stored on your browser as they are essential for the working of basic functionalities of the website.

We also use third-party cookies that help us analyze and understand how you use this website. These cookies will be stored in your browser only with your consent. You also have the option to opt-out of these cookies. But opting out of some of these cookies may have an effect on your browsing experience.

Learn more about our privacy policy.
Necessary
Always Enabled
Necessary cookies are absolutely essential for the website to function properly. This category only includes cookies that ensures basic functionalities and security features of the website. These cookies do not store any personal information.
Non-necessary
Any cookies that may not be particularly necessary for the website to function and is used specifically to collect user personal data via analytics, ads, other embedded contents are termed as non-necessary cookies. It is mandatory to procure user consent prior to running these cookies on your website.
SAVE & ACCEPT