How secure is your website?
Google is getting increasingly serious about website security. For a few years now they have been gradually making it more attractive for websites to have an ‘SSL certificate’, which makes the transfer of data between a website and a person’s browser more secure. Read more about SSL here.
From October 1st 2017, websites with any kind of text input (for example a contact form) will require an SSL certificate if they want to avoid a “Not Secure” warning in the address bar of Google's Chrome browser.
In the worst case, if your website doesn’t have an SSL certificate, people will be sent to this page, not your website:
Is my site affected?
Here are 2 questions to ask yourself:
- Does your website take any text input? This includes contact forms, site search, newsletter signups, and login areas.
- Is your website using HTTP:// in the address bar?
If you answered “yes” to both of those questions, you need to implement HTTPS... And if your site has a checkout, i.e. you sell things online, then you absolutely must get an SSL certificate as a matter of urgency.
And you need to make sure it's done in the right way so you don't risk losing visits from search engines.
What should I do next?
1. Contact your web developer and tell them you want to move to HTTPS. There are a few different ways to do this and your developer will be able to advise you on the most suitable one for your site. Check out this article on Moz for some options.
2. In technical parlance, the move to HTTPS is a ‘website migration’. This means that all the pages are moving to a completely new location. Ask your developer to use a ‘permanent redirect’ to point all the pages on their old HTTP address to their new address at HTTPS. Some developers don’t appreciate the significance between a temporary redirect and a permanent redirect, and they use a temporary one because it can be easier. Search engines however, see them as different beasts: temporary redirects don’t work as well for SEO. More on that here.
3. Ask your web developer to scan your website’s database for instances of HTTP and to replace them with HTTPS when they switch your site over. Why? Because some of the links in your website content, for example in a blog post, may link to other pages on your website using the full address, like this: http://www.yourwebsite.com/useful-page. The redirects in the previous point should pick them up, but we’d recommend this just to be certain.
These activities should see you through. However, they don’t provide you with any control or feedback on how successful the migration has been. If your business depends on visits from search engines for enquires and sales, we’d recommend you implement ‘rank tracking’. What does this do? It shows you if the migration has caused any of your pages to drop in Google’s search results, so you get fewer visits.
Here are the steps you’ll need to take:
1. Keyword research: compile a list of the main keywords that people use to find your website. Although this is a ‘how long is a piece of string’ exercise, you should be able to get a ‘fit for purpose’ list of keywords from your Google Search Console (set it to the last 90 days). If your website is a few years old or more and you’ve been running Google Analytics all that time, you’ll be able to get more keywords from Analytics. Experiment with setting the timeframe so the list isn’t dominated by ‘not provided’.
2. If you’ve used more than one source to compile your list of keywords, you’ll need to de-duplicate the list using Microsoft Excel.
You can now ask your web developer to make the move over to HTTPS. When that is complete, look at your rank tracker every day for at least another week, ideally 2 weeks, and check to see if any of your keywords have been affected.
Why do I need to look at my rank tracker for so long?
The frequency with which Google visits your website depends on the size and ‘authoritativeness’ of your website. Smaller websites with lower authority (typically those with fewer inbound links from other websites) get visited less frequently than bigger more authoritative ones. So Google may not ‘notice’ that your website has migrated onto HTTPS for a week or so.
by Ned Wells, CEO, Zanzi Digital
Please feel free to contact us if you’d like any further information on this.